CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.

  • Published: Apr 18, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-28810
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.1
  • AV:N/AC:H/Au:S/C:C/I:C/A:C

| Software | From | Fixed in |
| --- | --- | --- |
| zohocorp / manageengine_adselfservice_plus | 6.1-6100 | 6.1-6100.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6103 | 6.1-6103.x |
| zohocorp / manageengine_adselfservice_plus | 6.1 | 6.1.x |
| zohocorp / manageengine_adselfservice_plus | - | 6.1 |
| zohocorp / manageengine_adselfservice_plus | 6.1-6101 | 6.1-6101.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6102 | 6.1-6102.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6104 | 6.1-6104.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6105 | 6.1-6105.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6106 | 6.1-6106.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6113 | 6.1-6113.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6107 | 6.1-6107.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6108 | 6.1-6108.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6109 | 6.1-6109.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6110 | 6.1-6110.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6111 | 6.1-6111.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6115 | 6.1-6115.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6112 | 6.1-6112.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6114 | 6.1-6114.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6120 | 6.1-6120.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6116 | 6.1-6116.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6117 | 6.1-6117.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6118 | 6.1-6118.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6119 | 6.1-6119.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6121 | 6.1-6121.x |