Lucene search

[email protected]NVD:CVE-2022-36413

HistoryMar 23, 2023 - 8:15 p.m.

CVE-2022-36413

2023-03-2320:15:14

CWE-307

[email protected]

web.nvd.nist.gov

zoho

manageengine

adselfservice

vulnerability

password reset

idm applications

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

0.013

Percentile

86.2%

JSON

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.

Affected configurations

Nvd

Node

zohocorpmanageengine_adselfservice_plusRange<6.2

zohocorpmanageengine_adselfservice_plusMatch6.26200

zohocorpmanageengine_adselfservice_plusMatch6.26201

zohocorpmanageengine_adselfservice_plusMatch6.26202

zohocorpmanageengine_adselfservice_plusMatch6.26203

zohocorpmanageengine_adselfservice_plusMatch6.26204

zohocorpmanageengine_adselfservice_plusMatch6.26205

zohocorpmanageengine_adselfservice_plusMatch6.26206

zohocorpmanageengine_adselfservice_plusMatch6.26207

zohocorpmanageengine_adselfservice_plusMatch6.26208

zohocorpmanageengine_adselfservice_plusMatch6.26209

zohocorpmanageengine_adselfservice_plusMatch6.26210

zohocorpmanageengine_adselfservice_plusMatch6.26211

zohocorpmanageengine_adselfservice_plusMatch6.26212

zohocorpmanageengine_adselfservice_plusMatch6.26213

zohocorpmanageengine_adselfservice_plusMatch6.26214

zohocorpmanageengine_adselfservice_plusMatch6.26215

zohocorpmanageengine_adselfservice_plusMatch6.26216

zohocorpmanageengine_adselfservice_plusMatch6.26217

VendorProductVersionCPE
zohocorpmanageengine_adselfservice_plus*cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.2cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.2cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.2cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.2cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.2cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.2cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.2cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.2cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus6.2cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_adselfservice_plus	*	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus::::::::
zohocorp	manageengine_adselfservice_plus	6.2	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200::::::
zohocorp	manageengine_adselfservice_plus	6.2	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201::::::
zohocorp	manageengine_adselfservice_plus	6.2	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202::::::
zohocorp	manageengine_adselfservice_plus	6.2	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203::::::
zohocorp	manageengine_adselfservice_plus	6.2	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204::::::
zohocorp	manageengine_adselfservice_plus	6.2	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205::::::
zohocorp	manageengine_adselfservice_plus	6.2	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206::::::
zohocorp	manageengine_adselfservice_plus	6.2	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207::::::
zohocorp	manageengine_adselfservice_plus	6.2	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208::::::

Rows per page:

1-10 of 191

References

www.manageengine.com/products/self-service-password/advisory/CVE-2022-36413.html

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

0.013

Percentile

86.2%

JSON

Related for NVD:CVE-2022-36413

cve1 cvelist1 prion1