CVE-2021-20147

{"id": "CVE-2021-20147", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-01-03T22:15:08.503", "references": [{"url": "https://www.tenable.com/security/research/tra-2021-52", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2021-52", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists."}, {"lang": "es", "value": "ManageEngine ADSelfService Plus versiones anteriores a la compilaci\u00f3n 6116, contiene una discrepancia de respuesta observable en la operaci\u00f3n UMCP de la ChangePasswordAPI. Esto permite a un atacante remoto no autenticado determinar si se presenta un usuario de dominio de Windows"}], "lastModified": "2024-11-21T05:46:00.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D9FC84E-958F-450A-8400-1C51E00231A4", "versionEndIncluding": "6.0"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}