Lucene search

MitreCVE-2022-29457

HistoryApr 18, 2022 - 8:15 p.m.

CVE-2022-29457

2022-04-1820:15:09

CWE-522

mitre

web.nvd.nist.gov

106

cve-2022-29457

zoho

manageengine

adselfservice plus

adauditplus

exchange reporter plus

admanagerplus

ntlm hash disclosure

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.014

Percentile

86.5%

JSON

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.

Affected configurations

Nvd

Node

zohocorpmanageengine_adaudit_plusRange<7.0.0

zohocorpmanageengine_adaudit_plusMatch7.0.0-

zohocorpmanageengine_adaudit_plusMatch7.0.07000

zohocorpmanageengine_adaudit_plusMatch7.0.07002

zohocorpmanageengine_adaudit_plusMatch7.0.07003

zohocorpmanageengine_adaudit_plusMatch7.0.07004

zohocorpmanageengine_adaudit_plusMatch7.0.07005

zohocorpmanageengine_adaudit_plusMatch7.0.07006

zohocorpmanageengine_adaudit_plusMatch7.0.07007

zohocorpmanageengine_adaudit_plusMatch7.0.07008

zohocorpmanageengine_adaudit_plusMatch7.0.07050

zohocorpmanageengine_adaudit_plusMatch7.0.07051

zohocorpmanageengine_adaudit_plusMatch7.0.07052

zohocorpmanageengine_adaudit_plusMatch7.0.07053

zohocorpmanageengine_adaudit_plusMatch7.0.07054

zohocorpmanageengine_adaudit_plusMatch7.0.07055

zohocorpmanageengine_admanager_plusRange<7.1

zohocorpmanageengine_admanager_plusMatch7.1-

zohocorpmanageengine_admanager_plusMatch7.17100

zohocorpmanageengine_admanager_plusMatch7.17101

zohocorpmanageengine_admanager_plusMatch7.17102

zohocorpmanageengine_admanager_plusMatch7.17110

zohocorpmanageengine_admanager_plusMatch7.17111

zohocorpmanageengine_admanager_plusMatch7.17112

zohocorpmanageengine_admanager_plusMatch7.17113

zohocorpmanageengine_admanager_plusMatch7.17114

zohocorpmanageengine_admanager_plusMatch7.17115

zohocorpmanageengine_admanager_plusMatch7.17116

zohocorpmanageengine_admanager_plusMatch7.17117

zohocorpmanageengine_admanager_plusMatch7.17118

zohocorpmanageengine_admanager_plusMatch7.17120

zohocorpmanageengine_admanager_plusMatch7.17121

zohocorpmanageengine_admanager_plusMatch7.17122

zohocorpmanageengine_admanager_plusMatch7.17123

zohocorpmanageengine_admanager_plusMatch7.17124

zohocorpmanageengine_admanager_plusMatch7.17125

zohocorpmanageengine_admanager_plusMatch7.17126

zohocorpmanageengine_admanager_plusMatch7.17130

zohocorpmanageengine_adselfservice_plusRange<6.1

zohocorpmanageengine_adselfservice_plusMatch6.1-

zohocorpmanageengine_adselfservice_plusMatch6.16100

zohocorpmanageengine_adselfservice_plusMatch6.16101

zohocorpmanageengine_adselfservice_plusMatch6.16102

zohocorpmanageengine_adselfservice_plusMatch6.16103

zohocorpmanageengine_adselfservice_plusMatch6.16104

zohocorpmanageengine_adselfservice_plusMatch6.16105

zohocorpmanageengine_adselfservice_plusMatch6.16106

zohocorpmanageengine_adselfservice_plusMatch6.16107

zohocorpmanageengine_adselfservice_plusMatch6.16108

zohocorpmanageengine_adselfservice_plusMatch6.16109

zohocorpmanageengine_adselfservice_plusMatch6.16110

zohocorpmanageengine_adselfservice_plusMatch6.16111

zohocorpmanageengine_adselfservice_plusMatch6.16112

zohocorpmanageengine_adselfservice_plusMatch6.16113

zohocorpmanageengine_adselfservice_plusMatch6.16114

zohocorpmanageengine_adselfservice_plusMatch6.16115

zohocorpmanageengine_adselfservice_plusMatch6.16116

zohocorpmanageengine_adselfservice_plusMatch6.16117

zohocorpmanageengine_adselfservice_plusMatch6.16118

zohocorpmanageengine_adselfservice_plusMatch6.16119

zohocorpmanageengine_adselfservice_plusMatch6.16120

zohocorpmanageengine_exchange_reporter_plusRange<5.7

zohocorpmanageengine_exchange_reporter_plusMatch5.7-

zohocorpmanageengine_exchange_reporter_plusMatch5.75700

VendorProductVersionCPE
zohocorpmanageengine_adaudit_plus*cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:-:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7000:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7002:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7003:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7004:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7005:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7006:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7007:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7008:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_adaudit_plus	*	cpe:2.3:a:zohocorp:manageengine_adaudit_plus::::::::
zohocorp	manageengine_adaudit_plus	7.0.0	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:-::::::
zohocorp	manageengine_adaudit_plus	7.0.0	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7000::::::
zohocorp	manageengine_adaudit_plus	7.0.0	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7002::::::
zohocorp	manageengine_adaudit_plus	7.0.0	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7003::::::
zohocorp	manageengine_adaudit_plus	7.0.0	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7004::::::
zohocorp	manageengine_adaudit_plus	7.0.0	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7005::::::
zohocorp	manageengine_adaudit_plus	7.0.0	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7006::::::
zohocorp	manageengine_adaudit_plus	7.0.0	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7007::::::
zohocorp	manageengine_adaudit_plus	7.0.0	cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7008::::::

Rows per page:

1-10 of 641

References

packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html

docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability

www.manageengine.com/products/self-service-password/release-notes.html

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.014

Percentile

86.5%

JSON

Related for CVE-2022-29457