← back
CVE-2019-10273

CVE-2019-10273

EPSS 7.8%
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46674/unverifiedexploitdbwww.exploit-db.com/exploits/46674unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.htmlhttps://0x445.github.io/CVE-2019-10273/https://www.exploit-db.com/exploits/46674/