CVE-2022-29457
HIGHZohocorp ManageEngine ADAudit Plus - NTLM Hash Disclosure
Title source: llmDescription
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
Exploits (1)
exploitdb
WORKING POC
by Metin Yunus Kandemir · pythonremotewindows
https://www.exploit-db.com/exploits/50904
References (3)
Scores
CVSS v3
8.8
EPSS
0.0826
EPSS Percentile
92.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (5)
zohocorp/manageengine_adaudit_plus
7.0.0 (15 CPE variants)
zohocorp/manageengine_adaudit_plus
< 7.0.0
zohocorp/manageengine_admanager_plus
7.1 (21 CPE variants)
zohocorp/manageengine_admanager_plus
< 7.1
zohocorp/manageengine_adselfservice_plus
6.1 (12 CPE variants)
Published
Apr 18, 2022
Tracked Since
Feb 18, 2026