Published 2026-06-23 08:19 UTC · CVE-2026-11374 · Assigner (CNA): Zohocorp
State: PUBLISHED · CVE record format v5.2 (note: "5.2" is the record dataVersion, not a severity score — the CNA's CVSS 3.1 base score is 9.0, Critical) · CWE-340, CWE-330, CWE-287

Account Takeover via Predictable SSO Ticket Generation

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate a user's session could be predicted by an unauthenticated user, leading to account takeover. Per the CNA's CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H, base score 9.0, Critical), the attack is network-reachable and requires no privileges or user interaction, but is rated high attack complexity; the impact spans confidentiality, integrity and availability with a scope change.

Problem type: CWE-340 (Generation of Predictable Numbers or Identifiers), CWE-330 (Use of Insufficiently Random Values), CWE-287 (Improper Authentication); attack pattern CAPEC-59 (Session Credential Falsification through Prediction)

Affected products

zohocorp

manageengine_adselfservice_plus

Builds earlier than 6529 (Windows) — AFFECTED; build 6529 and later are not affected per the record

manageengine_recovery_manager_plus

Builds earlier than 6321 (Windows) — AFFECTED; build 6321 and later are not affected per the record

manageengine_m365_manager_plus

Builds earlier than 4817 (Windows) — AFFECTED; build 4817 and later are not affected per the record

manageengine_adaudit_plus

Builds earlier than 8703 (Windows) — AFFECTED; build 8703 and later are not affected per the record

References

GitHub Security Advisories

GHSA-hp5g-5g9f-49wq

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus,...

https://github.com/advisories/GHSA-hp5g-5g9f-49wq

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-11374
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-11374",
    "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
    "assignerShortName": "Zohocorp",
    "dateUpdated": "2026-06-23T08:19:30.638Z",
    "dateReserved": "2026-06-05T12:25:17.739Z",
    "datePublished": "2026-06-23T08:19:30.638Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "shortName": "Zohocorp",
        "dateUpdated": "2026-06-23T08:19:30.638Z"
      },
      "title": "Account Takeover via Predictable SSO Ticket Generation",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "zohocorp",
          "product": "manageengine_adselfservice_plus",
          "platforms": [
            "Windows"
          ],
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "custom",
              "lessThan": "6529"
            }
          ]
        },
        {
          "vendor": "zohocorp",
          "product": "manageengine_recovery_manager_plus",
          "platforms": [
            "Windows"
          ],
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "custom",
              "lessThan": "6321"
            }
          ]
        },
        {
          "vendor": "zohocorp",
          "product": "manageengine_m365_manager_plus",
          "platforms": [
            "Windows"
          ],
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "custom",
              "lessThan": "4817"
            }
          ]
        },
        {
          "vendor": "zohocorp",
          "product": "manageengine_adaudit_plus",
          "platforms": [
            "Windows"
          ],
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "custom",
              "lessThan": "8703"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-340: Generation of Predictable Numbers or Identifiers",
              "cweId": "CWE-340",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-330: Use of Insufficiently Random Values",
              "cweId": "CWE-330",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-287: Improper Authentication",
              "cweId": "CWE-287",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-59",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-59 Session Credential Falsification through Prediction"
            }
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL"
          }
        }
      ]
    }
  }
}