CVE-2022-28810
Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
70.5%
p99
KEV
YES
Mar 7, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
70.4%EPSS · 30 days70.5%
2026-06-302026-07-16
Product
Zoho / ManageEngine
Vulnerability
Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
Added to KEV
Mar 7, 2023
Remediate by
Mar 28, 2023
Known ransomware use
No
Summary description
Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.
Required action
Apply updates per vendor instructions.
Notes
https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28810.html; https://nvd.nist.gov/vuln/detail/CVE-2022-28810
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2022-35405—100.0%
KEV—80Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability—CVE-2022-47966—100.0%
KEV—80Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability—CVE-2020-10189—100.0%
KEV—80Zoho ManageEngine Desktop Central File Upload Vulnerability—CVE-2021-40539—99.9%
KEV—80Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability—CVE-2019-8394—99.1%
KEV—80Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability—