CVE-2021-20147

Summary

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.

Affected Software

VendorProductVersion RangeStatus
n/aManageEngine ADSelfService Plus< 6116affected

Weaknesses

  • Observable Response Discrepancy

ADP Enrichment

CVE Program Container

Additional References

References