CVE-2022-28987
MEDIUM EXPLOITED NUCLEI
Zoho ManageEngine ADSelfService Plus <6.2.02 - Info Disclosure
Title source: llm
Exploitation Summary
CVE-2022-28987 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
Nuclei Templates (1)
Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration
MEDIUM by ritikchaddha
Shodan:
http.title:"ADSelfService Plus"
FOFA:
title="ADSelfService Plus"
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md
Exploit, Third Party Advisory x_refsource_misc
https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py
Vendor Advisory x_refsource_misc
https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html
Scores
CVSS v3
5.3
EPSS
0.0970
EPSS Percentile
94.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
VulnCheck KEV
2026-04-01
Status
published
Products (1)
zohocorp/manageengine_adselfservice_plus
6.1 6121
Published
May 20, 2022
Tracked Since
Feb 18, 2026