CVE-2021-20147
N/A
N/A
Summary
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | ManageEngine ADSelfService Plus | < 6116 | affected |
Weaknesses
- Observable Response Discrepancy
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.