CVE-2010-3273 — Improper Input Validation in Manageengine Adselfservice Plus

CWE-20 — Improper Input Validation7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 29.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Adselfservice Plus

Timeline

PublishedFeb 17

Latest updateMay 14

Description

ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_adselfservice_plus4.4

🔴Vulnerability Details

GHSA

GHSA-6c5v-7rg2-fmv9: ZOHO ManageEngine ADSelfService Plus before 4↗2022-05-14

▶

CVEList

CVE-2010-3273: ZOHO ManageEngine ADSelfService Plus before 4↗2011-02-17

▶

💥Exploits & PoCs

Nuclei

Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure

▶

📋Vendor Advisories

Red Hat

JBossEAP status servlet info leak↗2010-04-26

▶

💬Community

Bugzilla

CVE-2010-1429 JBossEAP status servlet info leak↗2010-04-26

▶