CVE-2021-20147
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of th
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.
MEDIUM · CVSS 5.3
EPSS 0.18027
Schedule remediation
- EPSS ≥ 0.10 - elevated exploitation probability
- EPSS percentile: top 5% of all CVEs by exploitation likelihood
- Public exploit or PoC is available
Sigma rules0
YARA rules0