Abstract Advisory Information
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user can see all SSH servers (and user information) even if no SSH server or user is associated with them.
Authors: Dominique Righetto from Excellium-services company
Name: Zoho ManageEngine Key Manager
Common Vulnerability Scoring System
Vulnerability Disclosure Timeline
- 09/01/2022: Vulnerability discovery
- 10/01/2022: Vulnerability Report to CERT-XLM
- 11/01/2022: Vulnerability Report to Vendor through bug bounty platform
- 11/01/2022: Acknowledge from vendor
- 31/01/2022: Vulnerability fixed
- 04/02/2022: Request CVE IDs to Mitre
- 04/02/2022: CVE IDs assigned CVE-2022-24446
- 21/02/2022: Vulnerability disclosure
Find more vulnerabilities in our Security Advisory section.