CVE-2026-11374 - CERT CVE

  1. CVE-2026-11374

ID CVE-2026-11374
Sažetak In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.
Reference
CVSS
Base: 9.0
Impact: 6.0
Exploitability:2.2
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH HIGH
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Zadnje važnije ažuriranje 23-06-2026 - 15:42
Objavljeno 23-06-2026 - 09:16