CVE-2021-20147
Affected product: ManageEngine ADSelfService Plus (below build 6116). Vulnerability: observable response discrepancy in the UMCP operation of the ChangePasswordAPI that can be exploited by an unauthenticated remote attacker to determine whether a Windows domain user exists. Root cause / vulnerabi...