CVE & CISA-KEV Catalog

CVE-2023-6105

MEDIUM
5.5
CVSS v3
NVD

Description

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.

How to fix

Remediation Available
manageengine access manager plusNVD
Affected:< 4.3Fixed in:4.3CVE-2023-6105derived from NVD
manageengine adaudit plusNVD
Affected:< 7.2Fixed in:7.2CVE-2023-6105derived from NVD
manageengine admanager plusNVD
Affected:< 7.2Fixed in:7.2CVE-2023-6105derived from NVD
manageengine adselfservice plusNVD
Affected:< 6.3Fixed in:6.3CVE-2023-6105derived from NVD
manageengine analytics plusNVD
Affected:< 5.3Fixed in:5.3CVE-2023-6105derived from NVD
manageengine appcreatorNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2023-6105derived from NVD
manageengine application control plusNVD
Affected:< 11.2.2328.01Fixed in:11.2.2328.01CVE-2023-6105derived from NVD
manageengine assetexplorerNVD
Affected:< 7.0Fixed in:7.0CVE-2023-6105derived from NVD
manageengine browser security plusNVD
Affected:< 11.2.2328.01Fixed in:11.2.2328.01CVE-2023-6105derived from NVD
manageengine cloud security plusNVD
Affected:< 4.1Fixed in:4.1CVE-2023-6105derived from NVD
manageengine datasecurity plusNVD
Affected:< 6.1Fixed in:6.1CVE-2023-6105derived from NVD
manageengine device control plusNVD
Affected:< 11.2.2328.01Fixed in:11.2.2328.01CVE-2023-6105derived from NVD
manageengine endpoint centralNVD
Affected:< 11.2.2322.01Fixed in:11.2.2322.01CVE-2023-6105derived from NVD
manageengine endpoint central mspNVD
Affected:< 11.2.2322.01Fixed in:11.2.2322.01CVE-2023-6105derived from NVD
manageengine endpoint dlp plusNVD
Affected:< 11.2.2328.01Fixed in:11.2.2328.01CVE-2023-6105derived from NVD
manageengine exchange reporter plusNVD
Affected:< 5.7Fixed in:5.7CVE-2023-6105derived from NVD
manageengine firewall analyzerNVD
Affected:< 12.7Fixed in:12.7CVE-2023-6105derived from NVD
manageengine log360 uebaNVD
Affected:< 4.0Fixed in:4.0CVE-2023-6105derived from NVD
manageengine m365 manager plusNVD
Affected:< 4.5Fixed in:4.5CVE-2023-6105derived from NVD
manageengine m365 security plusNVD
Affected:< 4.5Fixed in:4.5CVE-2023-6105derived from NVD
manageengine mobile device manager plusNVD
Affected:< 10.1.2204.2Fixed in:10.1.2204.2CVE-2023-6105derived from NVD
manageengine netflow analyzerNVD
Affected:< 12.7Fixed in:12.7CVE-2023-6105derived from NVD
manageengine network configuration managerNVD
Affected:< 12.7Fixed in:12.7CVE-2023-6105derived from NVD
manageengine opmanagerNVD
Affected:< 12.7Fixed in:12.7CVE-2023-6105derived from NVD
manageengine oputilsNVD
Affected:< 12.7Fixed in:12.7CVE-2023-6105derived from NVD
manageengine os deployerNVD
Affected:< 1.2.2331.1Fixed in:1.2.2331.1CVE-2023-6105derived from NVD
manageengine pam360NVD
Affected:< 5.7Fixed in:5.7CVE-2023-6105derived from NVD
manageengine password manager proNVD
Affected:< 12.3Fixed in:12.3CVE-2023-6105derived from NVD
manageengine patch manager plusNVD
Affected:< 11.2.2328.01Fixed in:11.2.2328.01CVE-2023-6105derived from NVD
manageengine recoverymanager plusNVD
Affected:< 6.0Fixed in:6.0CVE-2023-6105derived from NVD
manageengine remote access plusNVD
Affected:< 11.2.2328.01Fixed in:11.2.2328.01CVE-2023-6105derived from NVD
manageengine remote monitoring and managementNVD
Affected:< 10.2.11Fixed in:10.2.11CVE-2023-6105derived from NVD
manageengine secure gateway serverNVD
Affected:< 9.0Fixed in:9.0CVE-2023-6105derived from NVD
manageengine servicedesk plusNVD
Affected:< 14.3Fixed in:14.3CVE-2023-6105derived from NVD
manageengine servicedesk plus mspNVD
Affected:< 14.3Fixed in:14.3CVE-2023-6105derived from NVD
manageengine sharepoint manager plusNVD
Affected:< 4.4Fixed in:4.4CVE-2023-6105derived from NVD
manageengine supportcenter plusNVD
Affected:< 14.3Fixed in:14.3CVE-2023-6105derived from NVD
manageengine vulnerability manager plusNVD
Affected:< 11.2.2328.01Fixed in:11.2.2328.01CVE-2023-6105derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

0.69%probability of exploitation in 30 days
48thpercentile

Moderate risk: more likely to be exploited than 48% of all known CVEs.

References

Exploit1
Other references1

Related Vulnerabilities

Other CWE-200 (Information Exposure) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-24919High8.6100%KEV + Ransom-
CVE-2020-14181Medium5.3100%-Fix
CVE-2021-34429Medium5.399%-Fix
CVE-2018-11409Medium5.398%--
CVE-2021-41277Critical10.097%KEV-
CVE-2016-2183High7.596%-Fix
Embed a live status badge for CVE-2023-6105
CVE-2023-6105 severity badge

Markdown

[![CVE-2023-6105](https://tridentstack.com/cve/badge/CVE-2023-6105.svg)](https://tridentstack.com/cve/CVE-2023-6105)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-6105"><img src="https://tridentstack.com/cve/badge/CVE-2023-6105.svg" alt="CVE-2023-6105"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-02-13.