PT-2022-19630 · Zoho Manageengine · Adaudit Plus+3
Metin Yunus Kandemir
·
Published
2022-04-18
·
Updated
2022-09-30
·
CVE-2022-29457
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADSelfService Plus versions prior to 6121
ADAuditPlus versions prior to 7060
Exchange Reporter Plus versions prior to 5701
ADManagerPlus versions prior to 7131
Description
The issue allows NTLM Hash disclosure during certain storage-path configuration steps. This affects Zoho ManageEngine products, potentially leading to security breaches.
Recommendations
For Zoho ManageEngine ADSelfService Plus versions prior to 6121, update to version 6121 or later.
For ADAuditPlus versions prior to 7060, update to version 7060 or later.
For Exchange Reporter Plus versions prior to 5701, update to version 5701 or later.
For ADManagerPlus versions prior to 7131, update to version 7131 or later.
Exploit
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Adaudit Plus
Admanager Plus
Adselfservice Plus
Exchange Reporter Plus