CVE-2022-29457

Exploit

EPSS 6.66%
Published 18.04.2022 20:15:09
Last modified 21.11.2024 06:59:07
Source cve@mitre.org
Teams watchlist Login
Open Login

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Adaudit Plus Version < 7.0.0

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update-

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7000

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7002

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7003

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7004

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7005

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7006

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7007

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7008

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7050

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7051

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7052

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7053

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7054

Zohocorp ≫ Manageengine Adaudit Plus Version7.0.0 Update7055

Zohocorp ≫ Manageengine Admanager Plus Version < 7.1

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update-

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7100

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7101

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7102

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7110

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7111

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7112

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7113

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7114

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7115

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7116

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7117

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7118

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7120

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7121

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7122

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7123

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7124

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7125

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7126

Zohocorp ≫ Manageengine Admanager Plus Version7.1 Update7130

Zohocorp ≫ Manageengine Adselfservice Plus Version < 6.1

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update-

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6100

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6101

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6102

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6103

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6104

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6105

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6106

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6107

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6108

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6109

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6110

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6111

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6112

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6113

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6114

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6115

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6116

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6117

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6118

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6119

Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6120

Zohocorp ≫ Manageengine Exchange Reporter Plus Version < 5.7

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update-

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5700

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.66%	0.909

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.manageengine.com/products/self-service-password/release-notes.html

Vendor Advisory

Release Notes

http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html

Third Party Advisory

Exploit

VDB Entry

https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability

Patch

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-29457

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-29457

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-29457

EUVD