CVE-2022-29457

Sažetak

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.

Reference

https://www.manageengine.com/products/self-service-password/release-notes.html
https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability
http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

30-09-2022 - 13:08

Objavljeno

18-04-2022 - 20:15