An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
2022-03-02T15:15:08.230
2025-05-30T16:15:29.903
Modified
CVSSv3.1: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | zohocorp | manageengine_key_manager_plus | ≤ 5.9 | Yes |
| Application | zohocorp | manageengine_key_manager_plus | 6.0 | Yes |
| Application | zohocorp | manageengine_key_manager_plus | 6.0 | Yes |
| Application | zohocorp | manageengine_key_manager_plus | 6.0 | Yes |
| Application | zohocorp | manageengine_key_manager_plus | 6.1 | Yes |
| Application | zohocorp | manageengine_key_manager_plus | 6.1 | Yes |
| Application | zohocorp | manageengine_key_manager_plus | 6.1 | Yes |
| Application | zohocorp | manageengine_key_manager_plus | 6.1 | Yes |
| Application | zohocorp | manageengine_key_manager_plus | 6.1 | Yes |