CVE-2021-37424

Опубликовано: 21 сент. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.

Ссылки

https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release
Patch
Vendor Advisory
https://www.manageengine.com
Product
Vendor Advisory
https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release
Patch
Vendor Advisory
https://www.manageengine.com
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*

Версия до 6.1 (исключая)

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6100:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6103:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6104:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6105:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6106:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6107:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6108:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6109:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6110:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6111:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13636

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-fcp4-47q7-p53r