Abstract Advisory Information
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A service exposed by the application allows a user to access stored certificates and associated key pairs.
Authors: Dominique Righetto from Excellium-Services company
Name: Zoho ManageEngine Key Manager
Common Vulnerability Scoring System
5.4 – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Disclosure Timeline
- 09/01/2022: Vulnerability discovery
- 10/01/2022: Vulnerability Report to CERT-XLM
- 11/01/2022: Vulnerability Report to Vendor through bug bounty platform
- 11/01/2022: Acknowledge from vendor
- 31/01/2022: Vulnerability fixed
- 04/02/2022: Request CVE IDs to Mitre
- 04/02/2022: CVE IDs assigned CVE-2022-24447
- 21/02/2022: Vulnerability disclosure
Find more vulnerabilities in our Security Advisory section.