GHSA-hp5g-5g9f-49wqCriticalCVSS 9.0

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus,...

Published
June 23, 2026
Last Modified
June 23, 2026

🔗 CVE IDs covered (1)

📋 Description

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

🔗 References (3)