Exposure of Mail Server Configuration File in Zoho ManageEngine DataSecurity Plus

Exposure of Mail Server Configuration File in Zoho ManageEngine DataSecurity Plus

CVE-2019-17112 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).

Learn more about our Cis Benchmark Audit For Server Software.