CVE-2019-7161

high

Description

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.

References

https://www.manageengine.com/products/self-service-password/release-notes.html

https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/

https://www.excellium-services.com/cert-xlm-advisory

https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7161

Details

Source: Mitre, NVD

Published: 2019-03-21

Updated: 2025-05-30

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.058

Detections

Analytics