CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2022-36413

CVSS 9.1v3.1pub. 2023-03-23upd. 2024-11-21

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Zohocorp Manageengine Adselfservice Plus

    APP
    Zohocorp
    6.2< 6.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2022-47966CRITICAL9.8⚠ KEVten sam produkt

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code exec...

CVE-2021-40539CRITICAL9.8⚠ KEVten sam produkt

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass wi...

CVE-2025-11250CRITICAL9.1PL ✓ten sam produkt

Authentication Bypass w Zohocorp ManageEngine ADSelfService Plus

CVE-2023-35854CRITICAL9.8ten sam produkt

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal ...

CVE-2021-37423CRITICAL9.8ten sam produkt

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.