CVE-2022-24446: 
Zoho ManageEngine Key Manager Plus vulnerability analysis and mitigation

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6 that allows a user with Operator level privileges to view all SSH servers and user information, even when no SSH server or user is associated with them. The vulnerability was discovered on January 9, 2022, and was fixed in version 6200 released on January 31, 2022 (CERT-XLM).

The vulnerability has been assigned a CVSS v3.1 score of 4.3 (Low severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access and low privileges to exploit, with no user interaction needed, and results in low confidentiality impact without affecting integrity or availability (CERT-XLM).

The vulnerability allows unauthorized access to SSH server information and user details, potentially exposing sensitive system configuration data to users with Operator level access. This represents a confidentiality breach as users can view information they shouldn't have access to (CERT-XLM).

The vulnerability has been fixed in ManageEngine Key Manager Plus version 6200. Organizations using affected versions should upgrade to version 6200 or later to address this security issue (ManageEngine Release Notes).