CVE-2022-24447

by Excellium SA

Abstract Advisory Information

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A service exposed by the application allows a user to access stored certificates and associated key pairs.

Authors: Dominique Righetto from Excellium-Services company

Version affected

Name: Zoho ManageEngine Key Manager
Versions: 6.1.6

Common Vulnerability Scoring System

5.4 – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Patches

version 6200

References

https://www.manageengine.com/key-manager/download.html

Vulnerability Disclosure Timeline

  • 09/01/2022: Vulnerability discovery
  • 10/01/2022: Vulnerability Report to CERT-XLM
  • 11/01/2022: Vulnerability Report to Vendor through bug bounty platform
  • 11/01/2022: Acknowledgement from vendor
  • 31/01/2022: Vulnerability fixed
  • 04/02/2022: CVE ID requested from MITRE
  • 04/02/2022: CVE ID assigned: CVE-2022-24447
  • 21/02/2022: Vulnerability disclosure
