Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-28810
HistoryApr 18, 2022 - 12:22 p.m.

CVE-2022-28810

2022-04-1812:22:59
mitre
www.cve.org
2

7 High

AI Score

Confidence

High

0.921 High

EPSS

Percentile

99.0%

JSON

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.

Related

metasploit 1
nessus 1
zdt 1
cisa_kev 1
nvd 1
packetstorm 1
attackerkb 1
cve 1
checkpoint_advisories 1
cnvd 1
prion 1
rapid7blog 4
thn 1
metasploit
metasploit
ManageEngine ADSelfService Plus Custom Script Execution
2022-04-19 17:33:54
nessus
nessus
ManageEngine ADSelfService Plus < build 6122 Command Injection
2023-03-13 00:00:00
zdt
zdt
ManageEngine ADSelfService Plus Custom Script Execution Exploit
2022-04-21 00:00:00
cisa_kev
cisa_kev
Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
2023-03-07 00:00:00
nvd
nvd
CVE-2022-28810
2022-04-18 13:15:08
packetstorm
packetstorm
ManageEngine ADSelfService Plus Custom Script Execution
2022-04-21 00:00:00
attackerkb
attackerkb
CVE-2022-28810
2022-04-21 00:00:00
cve
cve
CVE-2022-28810
2022-04-18 13:15:08
checkpoint_advisories
checkpoint_advisories
Zoho ManageEngine ADSelfService Plus Command Injection (CVE-2022-28810)
2022-06-09 00:00:00
cnvd
cnvd
ZOHO ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CNVD-2022-55220)
2022-04-20 00:00:00
prion
prion
Default credentials
2022-04-18 13:15:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-04-22 16:44:10
CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)
2022-05-24 18:00:00
CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)
2022-04-14 15:48:37
thn
thn
CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems
2023-03-08 06:30:00

7 High

AI Score

Confidence

High

0.921 High

EPSS

Percentile

99.0%

JSON
Related for CVELIST:CVE-2022-28810
metasploit1nessus1zdt1cisa_kev1nvd1packetstorm1attackerkb1cve1checkpoint_advisories1cnvd1prion1rapid7blog4thn1