Security Advisory

CVE-2021-20147

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-03 21:07:10

Last updated 2024-08-03 17:30:07

Assigner tenable

State PUBLISHED

Description

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.

← Browse all CVEs View on cve.org ↗