← voltar
CVE-2026-11374

Account Takeover via Predictable SSO Ticket Generation

CVSS 9 CRITICALEPSS 1.2%CWE-287CWE-330CWE-340
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
zohocorp · manageengine_adaudit_pluszohocorp · manageengine_adselfservice_pluszohocorp · manageengine_m365_manager_pluszohocorp · manageengine_recovery_manager_plus

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html