Vulnerability Description
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Adaudit Plus | < 7.0.0 |
| Zohocorp | Manageengine Admanager Plus | < 7.1 |
| Zohocorp | Manageengine Adselfservice Plus | < 6.1 |
| Zohocorp | Manageengine Exchange Reporter Plus | < 5.7 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Buil (Exploit, Third Party Advisory, VDB Entry)
- https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical- (Exploit, Patch, Third Party Advisory)
- https://www.manageengine.com/products/self-service-password/release-notes.html (Release Notes, Vendor Advisory)
FAQ
What is CVE-2022-29457?
CVE-2022-29457 is a vulnerability with a CVSS score of 8.8 (HIGH). Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
How severe is CVE-2022-29457?
CVE-2022-29457 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29457?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Adaudit Plus, Zohocorp Manageengine Admanager Plus, Zohocorp Manageengine Adselfservice Plus, Zohocorp Manageengine Exchange Reporter Plus.