What is CVE-2014-5377?

CVE-2014-5377 is a vulnerability in Manageengine Device_expert, classified under Information Disclosure. Published 2014-09-04.

Is CVE-2014-5377 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Manageengine Device_expert

CVE-2014-5377

ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request.

Vulnerability class: Information Disclosure

EPSS: 0.676 (98.6th percentile) — read the EPSS interpretation.

Affected products

Manageengine Device_expert
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

rapid7/metasploit-framework

References

34449 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (Patch, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
20140827 [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert (mailing-list, x_refsource_FULLDISC)
69443 (vdb-entry, x_refsource_BID)
20140827 [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert (mailing-list, x_refsource_BUGTRAQ)
20140830 Re: [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert (mailing-list, x_refsource_FULLDISC)
deviceexpert-cve20145377-info-disc(95562) (vdb-entry, x_refsource_XF)
20140827 Re: [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert (mailing-list, Exploit, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2014-5377?: CVE-2014-5377 is a vulnerability in Manageengine Device_expert, classified under Information Disclosure. Published 2014-09-04.
Is CVE-2014-5377 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.