5 matches found
CVE-2021-20147
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists...
Design/Logic Flaw
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists...
ZOHO ManageEngine ADSelfService Plus 信息泄露漏洞
A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability is caused by ManageEngine ADSelfService Plus under build 6116 storing the password...
ZOHO ManageEngine ADSelfService Plus 信息泄露漏洞
A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability stems from build 6116 of ManageEngine ADSelfService Plus containing an observable...
PT-2022-9168 · Manageengine · Zoho Manageengine Adselfservice Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADSelfService Plus versions prior to build 6116 Description: The issue allows a user from one domain to obtain the password policy for another domain by authenticating to the service and sending a request specifying the password...