{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-11374","assignerOrgId":"0fc0942c-577d-436f-ae8e-945763c79b02","state":"PUBLISHED","assignerShortName":"Zohocorp","dateReserved":"2026-06-05T12:25:17.739Z","datePublished":"2026-06-23T08:19:30.638Z","dateUpdated":"2026-06-23T12:03:58.363Z"},"containers":{"cna":{"providerMetadata":{"orgId":"0fc0942c-577d-436f-ae8e-945763c79b02","shortName":"Zohocorp","dateUpdated":"2026-06-23T08:19:30.638Z"},"title":"Account Takeover via Predictable SSO Ticket Generation","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-340","description":"CWE-340: Generation of Predictable Numbers or Identifiers","type":"CWE"}]},{"descriptions":[{"lang":"en","cweId":"CWE-330","description":"CWE-330: Use of Insufficiently Random Values","type":"CWE"}]},{"descriptions":[{"lang":"en","cweId":"CWE-287","description":"CWE-287: Improper Authentication","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-59","descriptions":[{"lang":"en","value":"CAPEC-59 Session Credential Falsification through Prediction"}]}],"affected":[{"vendor":"zohocorp","product":"manageengine_adselfservice_plus","platforms":["Windows"],"versions":[{"status":"affected","version":"0","lessThan":"6529","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"zohocorp","product":"manageengine_recovery_manager_plus","platforms":["Windows"],"versions":[{"status":"affected","version":"0","lessThan":"6321","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"zohocorp","product":"manageengine_m365_manager_plus","platforms":["Windows"],"versions":[{"status":"affected","version":"0","lessThan":"4817","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"zohocorp","product":"manageengine_adaudit_plus","platforms":["Windows"],"versions":[{"status":"affected","version":"0","lessThan":"8703","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"In ManageEngine ADSelfService Plus, 
RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate a session could be predicted by an unauthenticated user, leading to account takeover.","supportingMedia":[{"type":"text/html","base64":false,"value":"In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate a session could be predicted by an unauthenticated user, leading to account takeover."}]}],"references":[{"url":"https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"CRITICAL","baseScore":9,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-23T12:03:45.471125Z","id":"CVE-2026-11374","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-23T12:03:58.363Z"}}]}}