Lucene search
China National Vulnerability DatabaseCNVD-2022-02473HistoryJan 05, 2022 - 12:00 a.m.
ZOHO ManageEngine ADSelfService Plus has an unspecified vulnerability (CNVD-2022-02473)
2022-01-0500:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
zoho manageengine
adselfservice plus
vulnerability
changepasswordapi
windows domain user
security
EPSS
0.007
Percentile
80.5%
A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO’s integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability stems from build 6116 of ManageEngine ADSelfService Plus containing an observable response discrepancy in the UMCP operation of ChangePasswordAPI. A remote, unauthenticated attacker could use this vulnerability to determine if a Windows domain user exists.
Related
cvelist
cvelist
CVE-2021-20147
2022-01-03 21:07:10
prion
prion
Design/Logic Flaw
2022-01-03 22:15:00
nvd
nvd
CVE-2021-20147
2022-01-03 22:15:08
cve
cve
CVE-2021-20147
2022-01-03 22:15:08