Lucene search
+L

CVE-2022-28810

🗓️ 18 Apr 2022 12:22:59Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 621 Views🌐 WEB

Zoho ManageEngine ADSelfService Plus before build 6122 allows remote authenticated admin to execute arbitrary OS commands as SYSTEM

Related
Detection
Refs
Paths
ParameterPositionPathDescriptionCWE
POLICY_IDquery paramServletAPI/configuration/policyConfig/getAPCDetailsEndpoint to retrieve details for a specific policy, enabling insertion of a malicious payload into policy config.CWE-798CWE-78
APC_SETTINGS_DETAILSrequest bodyServletAPI/configuration/policyConfig/setAPCDetailsEndpoint to update policy configuration; used to inject or enable a malicious custom script payload.CWE-798CWE-78
POLICY_NAMErequest bodyServletAPI/configuration/policyConfig/setAPCDetailsEndpoint to update policy configuration; used to inject or enable a malicious custom script payload.CWE-798CWE-78
adscsrfrequest bodyServletAPI/configuration/policyConfig/setAPCDetailsEndpoint to update policy configuration; used to inject or enable a malicious custom script payload.CWE-798CWE-78
loginNamerequest bodyServletAPI/accounts/loginFirst step of authentication; POSTs credentials and CSRF token.CWE-798CWE-78
domainNamerequest bodyServletAPI/accounts/loginFirst step of authentication; POSTs credentials and CSRF token.CWE-798CWE-78
j_usernamerequest bodyServletAPI/accounts/loginFirst step of authentication; POSTs credentials and CSRF token.CWE-798CWE-78
j_passwordrequest bodyServletAPI/accounts/loginFirst step of authentication; POSTs credentials and CSRF token.CWE-798CWE-78
AUTHRULE_NAMErequest bodyServletAPI/accounts/loginFirst step of authentication; POSTs credentials and CSRF token.CWE-798CWE-78
adscsrfrequest bodyServletAPI/accounts/loginFirst step of authentication; POSTs credentials and CSRF token.CWE-798CWE-78
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:39Current
7High risk
Vulners AI Score7
CVSS 3.16.8
CVSS 27.1
EPSS0.70501
SSVC
621