CVE-2016-1159

EPSS 3.3%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 3.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

09 Mar 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

Affected products

ZOHO · Password Manager Pro (PMP)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://jvn.jp/vu/JVNVU90405898/index.html https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html https://www.manageengine.com/products/passwordmanagerpro/release-notes.html