2020-03-16 21:42:06
mitre
PUBLISHED
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a users role.