Attacker Value
Unknown
CVE-2023-6105
CVE-2023-6105
(Last updated February 14, 2025) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None
General Information
Vendors
Products
- manageengine access manager plus
- manageengine access manager plus 4.3
- manageengine adaudit plus
- manageengine adaudit plus 7.2
- manageengine admanager plus
- manageengine admanager plus 7.2
- manageengine adselfservice plus
- manageengine adselfservice plus 6.3
- manageengine analytics plus
- manageengine appcreator
- manageengine application control plus
- manageengine assetexplorer
- manageengine assetexplorer 7.0
- manageengine browser security plus
- manageengine cloud security plus
- manageengine cloud security plus 4.1
- manageengine datasecurity plus
- manageengine datasecurity plus 6.1
- manageengine device control plus
- manageengine endpoint central
- manageengine endpoint central msp
- manageengine endpoint dlp plus
- manageengine exchange reporter plus
- manageengine exchange reporter plus 5.7
- manageengine firewall analyzer
- manageengine firewall analyzer 12.5
- manageengine firewall analyzer 12.7
- manageengine log360 ueba
- manageengine log360 ueba 4.0
- manageengine m365 manager plus
- manageengine m365 manager plus 4.5
- manageengine m365 security plus
- manageengine m365 security plus 4.5
- manageengine mobile device manager plus
- manageengine mobile device manager plus 10.1.2207.4
- manageengine netflow analyzer
- manageengine netflow analyzer 12.5
- manageengine netflow analyzer 12.7
- manageengine network configuration manager
- manageengine network configuration manager 12.5
- manageengine network configuration manager 12.7
- manageengine opmanager
- manageengine opmanager 12.5
- manageengine opmanager 12.7
- manageengine oputils
- manageengine oputils 12.5
- manageengine oputils 12.7
- manageengine os deployer
- manageengine pam360
- manageengine password manager pro
- manageengine patch connect plus 9.0.0
- manageengine patch manager plus
- manageengine recoverymanager plus
- manageengine recoverymanager plus 6.0
- manageengine remote access plus
- manageengine remote monitoring and management
- manageengine secure gateway server
- manageengine secure gateway server 9.0
- manageengine servicedesk plus
- manageengine servicedesk plus 14.3
- manageengine servicedesk plus msp
- manageengine servicedesk plus msp 14.3
- manageengine sharepoint manager plus
- manageengine sharepoint manager plus 4.4
- manageengine supportcenter plus
- manageengine supportcenter plus 14.3
- manageengine vulnerability manager plus
