mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
257 lines
8.9 KiB
JSON
257 lines
8.9 KiB
JSON
{
|
|
"id": "CVE-2022-24681",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2022-04-07T22:15:07.807",
|
|
"lastModified": "2024-11-21T06:50:51.707",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6121, permite un ataque de tipo XSS por medio del atributo welcome name en la pantalla Reset Password, Unlock Account, o User Must Change Password"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 2.7
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"baseScore": 4.3,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "6.1",
|
|
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
|
|
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
|
|
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
|
|
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
|
|
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2EC89DCA-D24A-46BB-8086-C306BB4CDABD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*",
|
|
"matchCriteriaId": "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E319DA11-0C76-4F52-A197-FFBF4F30BB55"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B928577F-3183-4305-9009-A8C6970477D6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CE6F33B5-418E-4B38-81EB-090E4F3AF89A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://manageengine.com",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Product"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://raxis.com/blog/cve-2022-24681",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://manageengine.com",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Product"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://raxis.com/blog/cve-2022-24681",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit",
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |