{ "Name": "ManageEngine OpManager infoleak (CVE-2020-11946)", "Description": "Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.This key can be used to add a root account.Affected:Builds 12.3.xxx-12.4.195 Builds 12.5.000-12.5.119", "Product": "OpManager", "Homepage": "https://www.manageengine.com/", "DisclosureDate": "2021-06-11", "Author": "i_am_ben@qq.com", "FofaQuery": "title=\"OpManager\"", "GobyQuery": "title=\"OpManager\"", "Level": "2", "Impact": "", "Recommendation": "", "References": [ "https://www.manageengine.com/network-monitoring/security-updates/cve-2020-11946.html", "https://ssd-disclosure.com/ssd-advisory-unauthenticated-access-api-key-access-leads-to-rce/" ], "HasExp": true, "ExpParams": [ { "name": "adduser", "type": "input", "value": "xxx@localhost.host" }, { "name": "addpass", "type": "input", "value": "123456" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [] } ], "ExploitSteps": null, "Tags": [ "infoleak" ], "CVEIDs": [ "CVE-2020-11946" ], "CVSSScore": "7.5", "AttackSurfaces": { "Application": [ "ManageEngine OpManager" ], "Support": null, "Service": null, "System": null, "Hardware": null }, "Recommendation": "

undefined

" }