CVE-2020-11946

Unauthenticated access to API key disclosure from a servlet call

Vulnerability Details
Impact CVSS V3 rating: 7.5 (HIGH)
Reported 12th April 2020
Reported by @kuncho, an independent Security Researcher
Fixed 20th April 2020
Affected Builds

→ Builds 12.3.xxx - 12.4.195

→ Builds 12.5.000 - 12.5.119

Fixed in Build 12.4.196/12.5.120
Overview Unauthenticated access to API key disclosure from a servlet call
Recommended Fix

→ For builds 12.3.xxx - 12.4.195, please upgrade to NCM version 12.4.196.

→ For Builds 12.5.000 - 12.5.119, please upgrade to NCM version 12.5.120.


Contact our support team (itom-upgrades@manageengine.com) in case of queries.

Description

Unauthenticated access to API key disclosure from a servlet call.

We recommend that you upgrade to NCM Version 12.4.196 / NCM version 12.5.120 or contact our support team at itom-upgrades@manageengine.com to fix this issue.

Source and Acknowledgements

Find out more about CVE-2020-11946 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at itom-upgrades@manageengine.com.