Zoho ManageEngine ADSelfService Plus: Authenticated Remote Code Execution Vulnerability (CVE-2022-28810)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:M/C:C/I:C/A:C) | 2022-04-09 | 2022-04-09 | 2025-05-14 |
Description
The ADSelfService Plus (ADSSP) custom script feature is vulnerable to remote code execution, which can be exploited by authenticated end users.
Solution
zoho-manageengine-adselfservice-plus-upgrade-latest
References
- CVE-2022-28810
- https://attackerkb.com/topics/CVE-2022-28810
- http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html
- https://github.com/rapid7/metasploit-framework/pull/16475
- https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html
- https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/
