CVE-2022-29457
HIGHZohocorp Manageengine Adaudit Plus - Insufficiently Protected Crede...
Title source: ruleDescription
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
Exploits (1)
exploitdb
WORKING POC
by Metin Yunus Kandemir · pythonremotewindows
https://www.exploit-db.com/exploits/50904
References (3)
Scores
CVSS v3
8.8
EPSS
0.0826
EPSS Percentile
92.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-522
Status
published
Affected Products (50)
zohocorp/manageengine_adaudit_plus
< 7.0.0
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
zohocorp/manageengine_adaudit_plus
... and 35 more
Timeline
Published
Apr 18, 2022
Tracked Since
Feb 18, 2026