Information Disclosure: Exposing Internal Hostname in Zoho ManageEngine Desktop Central
CVE-2022-23779 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
Learn more about our Cis Benchmark Audit For Desktop Software.