CVE-2022-36413

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ADSelfService Plus versions through 6203

Description The issue allows for a brute-force attack, leading to a password reset on IDM applications. This is a result of a weakness in the password reset mechanism, which can be exploited by an attacker to gain unauthorized access.

Recommendations For Zoho ManageEngine ADSelfService Plus versions through 6203, consider implementing additional security measures to prevent brute-force attacks, such as rate limiting or IP blocking, until a patch is available. As a temporary workaround, restrict access to the password reset feature to minimize the risk of exploitation.