9.1

CVE-2022-36413

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.

Data is provided by the National Vulnerability Database (NVD)
ZohocorpManageengine Adselfservice Plus Version6.2 Update6200
ZohocorpManageengine Adselfservice Plus Version6.2 Update6201
ZohocorpManageengine Adselfservice Plus Version6.2 Update6202
ZohocorpManageengine Adselfservice Plus Version6.2 Update6203
ZohocorpManageengine Adselfservice Plus Version6.2 Update6204
ZohocorpManageengine Adselfservice Plus Version6.2 Update6205
ZohocorpManageengine Adselfservice Plus Version6.2 Update6206
ZohocorpManageengine Adselfservice Plus Version6.2 Update6207
ZohocorpManageengine Adselfservice Plus Version6.2 Update6208
ZohocorpManageengine Adselfservice Plus Version6.2 Update6209
ZohocorpManageengine Adselfservice Plus Version6.2 Update6210
ZohocorpManageengine Adselfservice Plus Version6.2 Update6211
ZohocorpManageengine Adselfservice Plus Version6.2 Update6212
ZohocorpManageengine Adselfservice Plus Version6.2 Update6213
ZohocorpManageengine Adselfservice Plus Version6.2 Update6214
ZohocorpManageengine Adselfservice Plus Version6.2 Update6215
ZohocorpManageengine Adselfservice Plus Version6.2 Update6216
ZohocorpManageengine Adselfservice Plus Version6.2 Update6217
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.76% 0.723
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.