CVE-2022-23779

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
02/03/2022
Last modified:
09/03/2022

Description

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:* 10.1.2137.8 (excluding)