CVE-2023-6105

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 15, 2023
Updated: Dec 28, 2023
CWE ID 200

Summary

CVE-2023-6105 is an information disclosure vulnerability that affects multiple ManageEngine products. This vulnerability allows a low-privileged OS user with access to the host where the affected product is installed to view and use exposed encryption keys to decrypt product database passwords, thereby gaining unauthorized access to the ManageEngine product database. The vulnerability has a base severity of MEDIUM with a base score of 5.5 according to CVSS version 3.1. The exploitability score is 1.8, indicating a relatively low difficulty in exploiting the vulnerability. The impact score is 3.6, with high confidentiality impact and no integrity or availability impact. It poses a potential danger to organizations as it can lead to unauthorized access and exposure of sensitive data stored in ManageEngine product databases.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-6105 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options