Vulnerability Description
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Remote Access Plus | < 10.1.2137.15 |
Related Weaknesses (CWE)
References
- https://raxis.com/blog/cve-2022-26653-and-cve-2022-26777ExploitThird Party Advisory
- https://www.manageengine.com/remote-desktop-management/advisory/cve-2022-26653.hVendor Advisory
- https://raxis.com/blog/cve-2022-26653-and-cve-2022-26777ExploitThird Party Advisory
- https://www.manageengine.com/remote-desktop-management/advisory/cve-2022-26653.hVendor Advisory
FAQ
What is CVE-2022-26653?
CVE-2022-26653 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).
How severe is CVE-2022-26653?
CVE-2022-26653 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26653?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Remote Access Plus.