Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2022-28810

🗓️ 18 Apr 2022 12:22:59Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 616 Views🌐 WEB

Zoho ManageEngine ADSelfService Plus before build 6122 allows remote authenticated admin to execute arbitrary OS commands as SYSTEM

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		ManageEngine ADSelfService Plus Custom Script Execution Exploit
21 Apr 202200:00
zdt
ATTACKERKB		CVE-2022-28810
18 Apr 202200:00
attackerkb
Circl		CVE-2022-28810
18 Apr 202216:24
circl
CISA KEV Catalog		Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
7 Mar 202300:00
cisa_kev
CNNVD		ZOHO ManageEngine ADSelfService Plus 信任管理问题漏洞
18 Apr 202200:00
cnnvd
CNVD		ZOHO ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CNVD-2022-55220)
20 Apr 202200:00
cnvd
Check Point Advisories		Zoho ManageEngine ADSelfService Plus Command Injection (CVE-2022-28810)
9 Jun 202200:00
checkpoint_advisories
Cvelist		CVE-2022-28810
18 Apr 202212:22
cvelist
Tenable Nessus		ManageEngine ADSelfService Plus < build 6122 Command Injection
13 Mar 202300:00
nessus
Metasploit		ManageEngine ADSelfService Plus Custom Script Execution
21 Apr 202217:42
metasploit
Rows per page
NVD
Node
zohocorpmanageengine_adselfservice_plusRange<6.1
OR
zohocorpmanageengine_adselfservice_plusMatch6.1-
OR
zohocorpmanageengine_adselfservice_plusMatch6.16100
OR
zohocorpmanageengine_adselfservice_plusMatch6.16101
OR
zohocorpmanageengine_adselfservice_plusMatch6.16102
OR
zohocorpmanageengine_adselfservice_plusMatch6.16103
OR
zohocorpmanageengine_adselfservice_plusMatch6.16104
OR
zohocorpmanageengine_adselfservice_plusMatch6.16105
OR
zohocorpmanageengine_adselfservice_plusMatch6.16106
OR
zohocorpmanageengine_adselfservice_plusMatch6.16107
OR
zohocorpmanageengine_adselfservice_plusMatch6.16108
OR
zohocorpmanageengine_adselfservice_plusMatch6.16109
OR
zohocorpmanageengine_adselfservice_plusMatch6.16110
OR
zohocorpmanageengine_adselfservice_plusMatch6.16111
OR
zohocorpmanageengine_adselfservice_plusMatch6.16112
OR
zohocorpmanageengine_adselfservice_plusMatch6.16113
OR
zohocorpmanageengine_adselfservice_plusMatch6.16114
OR
zohocorpmanageengine_adselfservice_plusMatch6.16115
OR
zohocorpmanageengine_adselfservice_plusMatch6.16116
OR
zohocorpmanageengine_adselfservice_plusMatch6.16117
OR
zohocorpmanageengine_adselfservice_plusMatch6.16118
OR
zohocorpmanageengine_adselfservice_plusMatch6.16119
OR
zohocorpmanageengine_adselfservice_plusMatch6.16120
OR
zohocorpmanageengine_adselfservice_plusMatch6.16121
ParameterPositionPathDescriptionCWE
APC_SETTINGS_DETAILSrequest body/ServletAPI/configuration/policyConfig/setAPCDetailsExploit CVE-2022-28810: injects a malicious payload into the policy's custom script settings to achieve arbitrary OS command execution (as SYSTEM) when the policy is applied.CWE-78CWE-798
SCRIPT_COMMAND_RESETrequest body/ServletAPI/configuration/policyConfig/setAPCDetailsExploit CVE-2022-28810: injects a malicious payload into the policy's custom script settings to achieve arbitrary OS command execution (as SYSTEM) when the policy is applied.CWE-78CWE-798
SCRIPT_COMMAND_UNLOCKrequest body/ServletAPI/configuration/policyConfig/setAPCDetailsExploit CVE-2022-28810: injects a malicious payload into the policy's custom script settings to achieve arbitrary OS command execution (as SYSTEM) when the policy is applied.CWE-78CWE-798
IS_CUSTOM_SCRIPT_ENABLED_RESETrequest body/ServletAPI/configuration/policyConfig/setAPCDetailsExploit CVE-2022-28810: injects a malicious payload into the policy's custom script settings to achieve arbitrary OS command execution (as SYSTEM) when the policy is applied.CWE-78CWE-798
IS_CUSTOM_SCRIPT_ENABLED_UNLOCKrequest body/ServletAPI/configuration/policyConfig/setAPCDetailsExploit CVE-2022-28810: injects a malicious payload into the policy's custom script settings to achieve arbitrary OS command execution (as SYSTEM) when the policy is applied.CWE-78CWE-798

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 04:39Current
7High risk
Vulners AI Score7
CVSS 3.16.8
CVSS 27.1
EPSS0.70419
SSVC
CWE-78CWE-798In Wild
cve-2022-28810zohomanageengineadselfservice plusos commandsremote authenticationnvd
616