CVE-2023-38332

Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
zohocorpmanageengine_admanager_plus
𝑥
< 7.2
zohocorpmanageengine_admanager_plus
7.2:7200
zohocorpmanageengine_admanager_plus
7.2:7201
𝑥
= Vulnerable software versions
References
https://manageengine.com
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38332.html
https://manageengine.com
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38332.html