CVE-2022-29457

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
zohocorpmanageengine_adaudit_plus
𝑥
< 7.0.0
zohocorpmanageengine_adaudit_plus
7.0.0
zohocorpmanageengine_adaudit_plus
7.0.0:7000
zohocorpmanageengine_adaudit_plus
7.0.0:7002
zohocorpmanageengine_adaudit_plus
7.0.0:7003
zohocorpmanageengine_adaudit_plus
7.0.0:7004
zohocorpmanageengine_adaudit_plus
7.0.0:7005
zohocorpmanageengine_adaudit_plus
7.0.0:7006
zohocorpmanageengine_adaudit_plus
7.0.0:7007
zohocorpmanageengine_adaudit_plus
7.0.0:7008
zohocorpmanageengine_adaudit_plus
7.0.0:7050
zohocorpmanageengine_adaudit_plus
7.0.0:7051
zohocorpmanageengine_adaudit_plus
7.0.0:7052
zohocorpmanageengine_adaudit_plus
7.0.0:7053
zohocorpmanageengine_adaudit_plus
7.0.0:7054
zohocorpmanageengine_adaudit_plus
7.0.0:7055
zohocorpmanageengine_admanager_plus
𝑥
< 7.1
zohocorpmanageengine_admanager_plus
7.1
zohocorpmanageengine_admanager_plus
7.1:7100
zohocorpmanageengine_admanager_plus
7.1:7101
zohocorpmanageengine_admanager_plus
7.1:7102
zohocorpmanageengine_admanager_plus
7.1:7110
zohocorpmanageengine_admanager_plus
7.1:7111
zohocorpmanageengine_admanager_plus
7.1:7112
zohocorpmanageengine_admanager_plus
7.1:7113
zohocorpmanageengine_admanager_plus
7.1:7114
zohocorpmanageengine_admanager_plus
7.1:7115
zohocorpmanageengine_admanager_plus
7.1:7116
zohocorpmanageengine_admanager_plus
7.1:7117
zohocorpmanageengine_admanager_plus
7.1:7118
zohocorpmanageengine_admanager_plus
7.1:7120
zohocorpmanageengine_admanager_plus
7.1:7121
zohocorpmanageengine_admanager_plus
7.1:7122
zohocorpmanageengine_admanager_plus
7.1:7123
zohocorpmanageengine_admanager_plus
7.1:7124
zohocorpmanageengine_admanager_plus
7.1:7125
zohocorpmanageengine_admanager_plus
7.1:7126
zohocorpmanageengine_admanager_plus
7.1:7130
zohocorpmanageengine_adselfservice_plus
𝑥
< 6.1
zohocorpmanageengine_adselfservice_plus
6.1
zohocorpmanageengine_adselfservice_plus
6.1:6100
zohocorpmanageengine_adselfservice_plus
6.1:6101
zohocorpmanageengine_adselfservice_plus
6.1:6102
zohocorpmanageengine_adselfservice_plus
6.1:6103
zohocorpmanageengine_adselfservice_plus
6.1:6104
zohocorpmanageengine_adselfservice_plus
6.1:6105
zohocorpmanageengine_adselfservice_plus
6.1:6106
zohocorpmanageengine_adselfservice_plus
6.1:6107
zohocorpmanageengine_adselfservice_plus
6.1:6108
zohocorpmanageengine_adselfservice_plus
6.1:6109
zohocorpmanageengine_adselfservice_plus
6.1:6110
zohocorpmanageengine_adselfservice_plus
6.1:6111
zohocorpmanageengine_adselfservice_plus
6.1:6112
zohocorpmanageengine_adselfservice_plus
6.1:6113
zohocorpmanageengine_adselfservice_plus
6.1:6114
zohocorpmanageengine_adselfservice_plus
6.1:6115
zohocorpmanageengine_adselfservice_plus
6.1:6116
zohocorpmanageengine_adselfservice_plus
6.1:6117
zohocorpmanageengine_adselfservice_plus
6.1:6118
zohocorpmanageengine_adselfservice_plus
6.1:6119
zohocorpmanageengine_adselfservice_plus
6.1:6120
zohocorpmanageengine_exchange_reporter_plus
𝑥
< 5.7
zohocorpmanageengine_exchange_reporter_plus
5.7
zohocorpmanageengine_exchange_reporter_plus
5.7:5700
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html
https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability
https://www.manageengine.com/products/self-service-password/release-notes.html
http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html
https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability
https://www.manageengine.com/products/self-service-password/release-notes.html