CVE-2022-36413

Published Mar 23, 2023

Last updated 2 years ago

CVSS critical 9.1

Overview

Description: Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-307

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BC9667B-3ECE-4DF8-9C45-95E53736CD68",
            "versionEndExcluding": "6.2"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1E4E7ED-317B-471D-B387-24BFE504FD48"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1518C214-71A7-4C97-BA40-95D98E0C78BB"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "247ED04D-E067-4A18-8514-9CD635DF4F09"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AC2C862-7709-44BF-9D0C-1BD63B381001"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E936706-E1D6-496A-8395-96706AF32F19"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA25E9BB-DDB9-438C-890A-61264C10BFF0"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D71FF123-F797-4E0D-8167-DD4563733879"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1156F671-D6BD-4FA2-924F-1802F157A025"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E870D833-28A7-45E1-9A6B-26A33D66B507"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6211:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7E0ED07-E432-47FD-A2B5-6F591FF2A64F"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6212:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73E7D08E-E2AA-48AE-ABFF-0E46026B47FC"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6213:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "430B78F8-F860-4911-9F7E-710386BF2166"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6214:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E926BB96-B0F6-4FC7-BACE-F658FA63F868"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6215:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5DC4C8C-41C8-45B2-A077-FB325F80E22F"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6216:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB581F7E-EF4C-4BFF-AA29-1875F0280BF4"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6217:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "016F55FB-5F14-451F-9F93-479426146925"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References