CVE-2023-31492 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 39%

Vendor	Product	Version
zohocorp	manageengine_admanager_plus	𝑥 < 7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1:7100
zohocorp	manageengine_admanager_plus	7.1:7101
zohocorp	manageengine_admanager_plus	7.1:7102
zohocorp	manageengine_admanager_plus	7.1:7110
zohocorp	manageengine_admanager_plus	7.1:7111
zohocorp	manageengine_admanager_plus	7.1:7112
zohocorp	manageengine_admanager_plus	7.1:7113
zohocorp	manageengine_admanager_plus	7.1:7114
zohocorp	manageengine_admanager_plus	7.1:7115
zohocorp	manageengine_admanager_plus	7.1:7116
zohocorp	manageengine_admanager_plus	7.1:7117
zohocorp	manageengine_admanager_plus	7.1:7118
zohocorp	manageengine_admanager_plus	7.1:7120
zohocorp	manageengine_admanager_plus	7.1:7121
zohocorp	manageengine_admanager_plus	7.1:7122
zohocorp	manageengine_admanager_plus	7.1:7123
zohocorp	manageengine_admanager_plus	7.1:7124
zohocorp	manageengine_admanager_plus	7.1:7125
zohocorp	manageengine_admanager_plus	7.1:7126
zohocorp	manageengine_admanager_plus	7.1:7130
zohocorp	manageengine_admanager_plus	7.1:7131
zohocorp	manageengine_admanager_plus	7.1:7140
zohocorp	manageengine_admanager_plus	7.1:7141
zohocorp	manageengine_admanager_plus	7.1:7150
zohocorp	manageengine_admanager_plus	7.1:7151
zohocorp	manageengine_admanager_plus	7.1:7160
zohocorp	manageengine_admanager_plus	7.1:7161
zohocorp	manageengine_admanager_plus	7.1:7162
zohocorp	manageengine_admanager_plus	7.1:7163
zohocorp	manageengine_admanager_plus	7.1:7170
zohocorp	manageengine_admanager_plus	7.1:7171
zohocorp	manageengine_admanager_plus	7.1:7180
zohocorp	manageengine_admanager_plus	7.1:7181
zohocorp	manageengine_admanager_plus	7.1:7182

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-522 - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html

https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html

http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html

https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html