This may allow attackers to determine the existence of a mailbox, which could lead to the assumption that a user has an unread message in their mailbox.

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. This may allow attackers to determine the existence of a mailbox, which could lead to the assumption that a user has an unread message in their mailbox. Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 fail to properly enforce permissions in certain circumstances. If a user tries to access data that they do not have permissions to view, this may result in an information disclosure.

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 fail to properly enforce permissions in certain circumstances. If a user tries to access data that they do not have permissions to view, this may result in an information disclosure. Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 fail to properly enforce permissions in certain circumstances. If a user tries to access data that they do not have permissions to view, this may result

CPE(rural) Object Model

If the CPE(rural) object model is used, an attacker may be able to cause the device to crash. This can lead to a denial of service condition.

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 fail to properly enforce permissions in certain circumstances. If a user tries to access data that they do not have permissions to view, this may result in an information disclosure. Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. This may allow attackers to determine the existence of a mailbox, which could lead to the assumption that a user has an unread message in their mailbox. Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 fail to properly enforce permissions in certain circumstances. If a user tries to access data that they do not have permissions to view, this may result in an information disclosure. Zoho ManageEngine ADSelfService Plus before 6121 and ADManagerPlus 7131 allow remote code execution by means of crafted input due to insufficient validation of user-supplied input during parsing of XML files.

Timeline

Published on: 04/18/2022 20:15:00 UTC
Last modified on: 05/11/2022 20:15:00 UTC

References