CVE-2018-20664

EPSS 1.35%
Published 03.01.2019 19:29:01
Last modified 21.11.2024 04:01:57
Source cve@mitre.org
Teams watchlist Login
Open Login

Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update4500

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5032

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5040

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5041

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5100

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5101

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5102

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5103

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5104

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5105

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5106

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5107

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5108

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5109

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5110

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5111

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5112

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5113

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5114

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5115

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5116

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5200

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5201

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5202

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5203

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5204

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5205

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5206

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5207

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5300

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5301

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5302

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5303

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5304

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5305

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5306

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5307

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5308

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5309

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5310

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5311

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5312

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5313

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5314

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5315

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5316

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5317

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5318

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5319

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5320

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5321

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5322

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5323

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5324

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5325

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5326

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5327

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5328

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5329

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5330

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5400

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5500

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5501

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5502

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5503

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5504

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5505

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5506

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5507

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5508

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5509

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5510

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5511

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5512

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5513

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5514

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5515

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5516

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5517

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5518

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5519

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5520

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5521

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5600

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5601

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5602

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5603

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5604

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5605

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5606

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5607

Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5700

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.35%	0.793

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/

Third Party Advisory

https://www.manageengine.com/products/self-service-password/release-notes.html#5701

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-20664

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-20664

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-20664

EUVD