8.8
CVE-2019-18411
- EPSS 0.17%
- Published 06.11.2019 22:15:10
- Last modified 21.11.2024 04:33:12
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.
Data is provided by the National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5000
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5001
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5002
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5010
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5011
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5020
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5021
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5022
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5030
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5032
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5040
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5041
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5100
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5101
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5102
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5103
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5104
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5105
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5106
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5107
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5108
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5109
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5110
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5111
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5112
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5113
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5114
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5115
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5200
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5201
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5202
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5203
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5204
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5205
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5206
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5207
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5300
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5301
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5302
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5303
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5304
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5305
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5306
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5307
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5308
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5309
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5310
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5311
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5312
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5313
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5314
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5315
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5316
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5317
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5318
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5319
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5320
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5321
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5322
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5323
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5324
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5325
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5326
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5327
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5328
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5329
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5330
Zohocorp ≫ Manageengine Adselfservice Plus Version5.4 Update5400
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5500
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5501
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5502
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5503
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5504
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5505
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5506
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5507
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5508
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5509
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5510
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5511
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5512
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5513
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5514
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5515
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5516
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5517
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5518
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5519
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5520
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5521
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5600
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5601
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5602
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5603
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5604
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5605
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5606
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5607
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5702
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5704
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5705
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5706
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5707
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5708
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5709
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5710
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5800
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5801
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5802
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5803
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.355 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.