CVE-2023-6105

Name: CVE-2023-6105
Creator: NVD / NIST
Published: 2023-11-15T21:15:08.49+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.69%

Last modified Jun 17, 2026

CVE-2023-6105 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. EPSS estimates a 0.69% chance of exploitation in the next 30 days.

Description

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.69%

48.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions	Update
Zohocorp	Manageengine Analytics Plus	< 5.3	—
Zohocorp	Manageengine Appcreator	< 2.0.0	—
Zohocorp	Manageengine Application Control Plus	< 11.2.2328.01	—
Zohocorp	Manageengine Browser Security Plus	< 11.2.2328.01	—
Zohocorp	Manageengine Device Control Plus	< 11.2.2328.01	—
Zohocorp	Manageengine Endpoint Central	< 11.2.2322.01	—
Zohocorp	Manageengine Endpoint Central Msp	< 11.2.2322.01	—
Zohocorp	Manageengine Endpoint Dlp Plus	< 11.2.2328.01	—
Zohocorp	Manageengine Mobile Device Manager Plus	< 10.1.2204.2	—
Zohocorp	Manageengine Mobile Device Manager Plus	10.1.2207.4	—
Zohocorp	Manageengine Os Deployer	< 1.2.2331.1	—
Zohocorp	Manageengine Patch Manager Plus	< 11.2.2328.01	—
Zohocorp	Manageengine Remote Access Plus	< 11.2.2328.01	—
Zohocorp	Manageengine Remote Monitoring And Management	< 10.2.11	—
Zohocorp	Manageengine Vulnerability Manager Plus	< 11.2.2328.01	—
Zohocorp	Manageengine Adselfservice Plus	< 6.3	—
Zohocorp	Manageengine Adselfservice Plus	6.3	6300
Zohocorp	Manageengine Admanager Plus	< 7.2	—
Zohocorp	Manageengine Admanager Plus	7.2	7200
Zohocorp	Manageengine Adaudit Plus	< 7.2	—
Zohocorp	Manageengine Adaudit Plus	7.2	7200
Zohocorp	Manageengine Cloud Security Plus	< 4.1	—
Zohocorp	Manageengine Cloud Security Plus	4.1	4100
Zohocorp	Manageengine Datasecurity Plus	< 6.1	—
Zohocorp	Manageengine Datasecurity Plus	6.1	6100
Zohocorp	Manageengine Exchange Reporter Plus	< 5.7	—
Zohocorp	Manageengine Exchange Reporter Plus	5.7	5700
Zohocorp	Manageengine M365 Manager Plus	< 4.5	—
Zohocorp	Manageengine M365 Manager Plus	4.5	Build4500
Zohocorp	Manageengine M365 Security Plus	< 4.5	—
Zohocorp	Manageengine M365 Security Plus	4.5	4500
Zohocorp	Manageengine Sharepoint Manager Plus	< 4.4	—
Zohocorp	Manageengine Sharepoint Manager Plus	4.4	4400
Zohocorp	Manageengine Recoverymanager Plus	< 6.0	—
Zohocorp	Manageengine Recoverymanager Plus	6.0	Build6001
Zohocorp	Manageengine Log360 Ueba	< 4.0	—
Zohocorp	Manageengine Log360 Ueba	4.0	Build4010
Zohocorp	Manageengine Patch Connect Plus	9.0.0	Build90001
Zohocorp	Manageengine Secure Gateway Server	< 9.0	—
Zohocorp	Manageengine Secure Gateway Server	9.0	90012
Zohocorp	Manageengine Opmanager	< 12.5	—
Zohocorp	Manageengine Opmanager	12.5	Build125000
Zohocorp	Manageengine Opmanager	< 12.7	—
Zohocorp	Manageengine Opmanager	12.7	Build127000
Zohocorp	Manageengine Oputils	< 12.5	—
Zohocorp	Manageengine Oputils	12.5	Build125000
Zohocorp	Manageengine Oputils	< 12.7	—
Zohocorp	Manageengine Oputils	12.7	Build127101
Zohocorp	Manageengine Firewall Analyzer	< 12.5	—
Zohocorp	Manageengine Firewall Analyzer	12.5	Build125000

Showing 50 of 72 affected configurations. See NVD for the full list.

References

https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html
https://www.tenable.com/security/research/tra-2023-35Exploit, Third Party Advisory
https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html
https://www.tenable.com/security/research/tra-2023-35Exploit, Third Party Advisory

Timeline

Published: Nov 15, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-6105?

How severe is CVE-2023-6105?

CVE-2023-6105 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.69% probability of exploitation in the next 30 days.

How do I fix CVE-2023-6105?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-6105?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST