CVE-2021-33617
Published: 2021-07-31
Priority: P4 (28) · Severity: medium, 5.3 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 2.05% (78.9th percentile)
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_password_manager_pro | < 11.2 | 11.2 |
| zohocorp | manageengine_password_manager_pro | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
No public exploits indexed.
Related reporting
Unit42 blog, 2021-12-02: APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
## Executive Summary
Over the course of three months, a persistent and determined APT actor has launched multiple campaigns which have now resulted in compromises to at least 4 additional organizations, for a total of 13. Beginning on Sept. 16, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in a self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. Building upon the findings of that initial report, on Nov. 7, Unit 42 disclosed a second, more sophisticated, active and difficult-to-detect campaign that had resulted in the compromise of at least nine organizations.
As an update to our initial
By Robert Falcone and Peter Renals, published December 2, 2021. Tags: Cybercrime, Threat Research, Advanced Persistent Threat, Godzilla webshell, ServiceDesk Plus, TiltedTemple, Zoho ManageEngine.
References
- https://herolab.usd.de/security-advisories/usd-2021-0015/
- https://www.manageengine.com
- https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11200