vulnerability
Zoho ManageEngine ADSelfService Plus: CVE-2022-28987: Information Disclosure
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jun 27, 2022 | Dec 18, 2024 | Jun 26, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jun 27, 2022
Added
Dec 18, 2024
Modified
Jun 26, 2025
Description
ADSelfService Plus versions before 6202 are vulnerable to username enumeration and low level information disclosure vulnerability.
Solution
zoho-manageengine-adselfservice-plus-upgrade-latest
References
- CVE-2022-28987
- https://attackerkb.com/topics/CVE-2022-28987
- URL-https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md
- URL-https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py
- URL-https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.