Vulnerability Database

296,772

Total vulnerabilities in the database

CVE-2022-36413

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.

Published: Mar 23, 2023
Updated: Apr 14, 2023
CVE: CVE-2022-36413
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-307

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_adselfservice_plus	6.2-6201	6.2-6201.x
zohocorp / manageengine_adselfservice_plus	6.2-6202	6.2-6202.x
zohocorp / manageengine_adselfservice_plus	-	6.2
zohocorp / manageengine_adselfservice_plus	6.2-6200	6.2-6200.x
zohocorp / manageengine_adselfservice_plus	6.2-6203	6.2-6203.x
zohocorp / manageengine_adselfservice_plus	6.2-6204	6.2-6204.x
zohocorp / manageengine_adselfservice_plus	6.2-6205	6.2-6205.x
zohocorp / manageengine_adselfservice_plus	6.2-6206	6.2-6206.x
zohocorp / manageengine_adselfservice_plus	6.2-6207	6.2-6207.x
zohocorp / manageengine_adselfservice_plus	6.2-6208	6.2-6208.x
zohocorp / manageengine_adselfservice_plus	6.2-6209	6.2-6209.x
zohocorp / manageengine_adselfservice_plus	6.2-6210	6.2-6210.x
zohocorp / manageengine_adselfservice_plus	6.2-6211	6.2-6211.x
zohocorp / manageengine_adselfservice_plus	6.2-6212	6.2-6212.x
zohocorp / manageengine_adselfservice_plus	6.2-6213	6.2-6213.x
zohocorp / manageengine_adselfservice_plus	6.2-6214	6.2-6214.x
zohocorp / manageengine_adselfservice_plus	6.2-6215	6.2-6215.x
zohocorp / manageengine_adselfservice_plus	6.2-6216	6.2-6216.x
zohocorp / manageengine_adselfservice_plus	6.2-6217	6.2-6217.x

https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-36413.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime