Information Disclosure: Exposing Internal Hostname in Zoho ManageEngine Desktop Central

Information Disclosure: Exposing Internal Hostname in Zoho ManageEngine Desktop Central

CVE-2022-23779 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.

Learn more about our Cis Benchmark Audit For Desktop Software.