CVE-2022-36413

CWE-3073 documents3 sources
Severity
9.1CRITICAL
EPSS
1.4%
top 19.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Adselfservice Plus
Timeline
PublishedMar 23

Description

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

Patches

Patch: www.manageengine.comPatch: www.manageengine.com

🔴Vulnerability Details

2
GHSA
GHSA-h7jx-w3wh-pw57: Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications2023-03-23
CVEList
CVE-2022-36413: Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications2023-03-23
CVE-2022-36413 (CRITICAL CVSS 9.1) | Zoho ManageEngine ADSelfService Plu | cvebase.io