Exposure of Mail Server Configuration File in Zoho ManageEngine DataSecurity Plus
CVE-2019-17112 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).
Learn more about our Cis Benchmark Audit For Server Software.