ГлавнаяУязвимости → CVE-2026-11374
9критическая

CVE-2026-11374

Описание

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

CVSS
Балл9 — критическая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html