Latest Security News about cve 2019 19774

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0

Overview : An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running “select hostdetails from hostdetails” at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts […]