{"api_version":"1","generated_at":"2026-06-24T07:16:12+00:00","cve":"CVE-2026-11374","urls":{"html":"https://cve.report/CVE-2026-11374","api":"https://cve.report/api/cve/CVE-2026-11374.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-11374","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-11374"},"summary":{"title":"Account Takeover via Predictable SSO Ticket Generation","description":"In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted\n by an unauthenticated user, leading to account takeover.","state":"PUBLISHED","assigner":"Zohocorp","published_at":"2026-06-23 09:16:28","updated_at":"2026-06-24 05:17:25"},"problem_types":["CWE-287","CWE-330","CWE-340","CWE-340 CWE-340: Generation of Predictable Numbers or Identifiers","CWE-330 CWE-330: Use of Insufficiently Random Values","CWE-287 CWE-287: Improper Authentication"],"metrics":[{"version":"3.1","source":"0fc0942c-577d-436f-ae8e-945763c79b02","type":"Secondary","score":"9","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html","name":"https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html","refsource":"0fc0942c-577d-436f-ae8e-945763c79b02","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-11374","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-11374","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"zohocorp","product":"manageengine_adselfservice_plus","version":"affected 6529 custom","platforms":["Windows"]},{"source":"CNA","vendor":"zohocorp","product":"manageengine_recovery_manager_plus","version":"affected 6321 custom","platforms":["Windows"]},{"source":"CNA","vendor":"zohocorp","product":"manageengine_m365_manager_plus","version":"affected 4817 custom","platforms":["Windows"]},{"source":"CNA","vendor":"zohocorp","product":"manageengine_adaudit_plus","version":"affected 8703 custom","platforms":["Windows"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"11374","cve":"CVE-2026-11374","epss":"0.012370000","percentile":"0.652400000","score_date":"2026-06-23","updated_at":"2026-06-24 00:09:24"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-11374","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-23T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-24T03:56:05.119Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"manageengine_adselfservice_plus","vendor":"zohocorp","versions":[{"lessThan":"6529","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"manageengine_recovery_manager_plus","vendor":"zohocorp","versions":[{"lessThan":"6321","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"manageengine_m365_manager_plus","vendor":"zohocorp","versions":[{"lessThan":"4817","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"manageengine_adaudit_plus","vendor":"zohocorp","versions":[{"lessThan":"8703","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted\n by an unauthenticated user, leading to account takeover."}],"value":"In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted\n by an unauthenticated user, leading to account takeover."}],"impacts":[{"capecId":"CAPEC-59","descriptions":[{"lang":"en","value":"CAPEC-59 Session Credential Falsification through Prediction"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-340","description":"CWE-340: Generation of Predictable Numbers or Identifiers","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-330","description":"CWE-330: Use of Insufficiently Random Values","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-287","description":"CWE-287: Improper Authentication","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-23T08:19:30.638Z","orgId":"0fc0942c-577d-436f-ae8e-945763c79b02","shortName":"Zohocorp"},"references":[{"url":"https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html"}],"source":{"discovery":"EXTERNAL"},"title":"Account Takeover via Predictable SSO Ticket Generation","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"0fc0942c-577d-436f-ae8e-945763c79b02","assignerShortName":"Zohocorp","cveId":"CVE-2026-11374","datePublished":"2026-06-23T08:19:30.638Z","dateReserved":"2026-06-05T12:25:17.739Z","dateUpdated":"2026-06-24T03:56:05.119Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-23 09:16:28","lastModifiedDate":"2026-06-24 05:17:25","problem_types":["CWE-287","CWE-330","CWE-340","CWE-340 CWE-340: Generation of Predictable Numbers or Identifiers","CWE-330 CWE-330: Use of Insufficiently Random Values","CWE-287 CWE-287: Improper Authentication"],"metrics":{"cvssMetricV31":[{"source":"0fc0942c-577d-436f-ae8e-945763c79b02","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-11374","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"11374","Ordinal":"1","Title":"Account Takeover via Predictable SSO Ticket Generation","CVE":"CVE-2026-11374","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"11374","Ordinal":"1","NoteData":"In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted\n by an unauthenticated user, leading to account takeover.","Type":"Description","Title":"Account Takeover via Predictable SSO Ticket Generation"}]}}}