CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-28987

Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.9%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md
https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py
https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html
https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md
https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py
https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html

Products affected by CVE-2022-28987

Zohocorp » Manageengine Adselfservice Plus » Version: 6.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-28987

Products

Pricing

Contact Us