Vulnerability Details | |
---|---|
Impact | CVSS V3 rating: 7.5 (HIGH) |
Reported | 12th April 2020 |
Reported by | @kuncho, an independent Security Researcher |
Fixed | 20th April 2020 |
Affected Builds |
→ Builds 12.3.xxx - 12.4.195 |
Fixed in | Build 12.4.196/12.5.120 |
Overview | Unauthenticated access to API key disclosure from a servlet call |
Recommended Fix |
→ For builds 12.3.xxx - 12.4.195, please upgrade to NCM version 12.4.196. |
Unauthenticated access to API key disclosure from a servlet call.
We recommend that you upgrade to NCM Version 12.4.196 / NCM version 12.5.120 or contact our support team at itom-upgrades@manageengine.com to fix this issue.
Source and Acknowledgements
Find out more about CVE-2020-11946 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at itom-upgrades@manageengine.com.