CVE-2022-28987: CVE-2022-28987

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-28987

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

ZOHO ManageEngine ADSelfService Plus 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ZOHO ManageEngine ADSelfService Plus是美国卓豪（ZOHO）公司的针对 Active Directory 和云应用程序的集成式自助密码管理和单点登录解决方案。 ZOHO ManageEngine ADSelfService Plus 6.1版本存在安全漏洞。攻击者利用该漏洞通过 /ServletAPI/accounts/login 的特制的 POST 请求执行用户名枚举。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2022-28987

#	POC Description	Source Link	Shenlong Link
1	Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration (CVE-2022-28987). The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-28987.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-28987

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2022-28987

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-28987

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-28987

III. Intelligence Information for CVE-2022-28987

IV. Related Vulnerabilities

V. Comments for CVE-2022-28987

Leave a comment