Zohocorp

Manageengine Adselfservice Plus

52 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2021-27214

Exploit
  • EPSS 7.3%
  • Veröffentlicht 19.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:57:36

A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attac...

9.8

CVE-2018-5353

Exploit
  • EPSS 15.29%
  • Veröffentlicht 30.09.2020 18:15:15
  • Zuletzt bearbeitet 21.11.2024 04:08:38

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An una...

10

CVE-2020-24786

  • EPSS 2.12%
  • Veröffentlicht 31.08.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:16:04

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build nu...

10

CVE-2020-11552

Exploit
  • EPSS 5.32%
  • Veröffentlicht 11.08.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:08

An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker ...

9.8

CVE-2020-11518

  • EPSS 14.4%
  • Veröffentlicht 04.04.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:58:03

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.

9.1

CVE-2019-7162

  • EPSS 7.78%
  • Veröffentlicht 31.12.2019 15:15:11
  • Zuletzt bearbeitet 30.05.2025 16:15:25

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.

6.1

CVE-2019-18781

  • EPSS 0.38%
  • Veröffentlicht 18.12.2019 22:15:13
  • Zuletzt bearbeitet 21.11.2024 04:33:33

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.

8.8

CVE-2019-18411

  • EPSS 0.17%
  • Veröffentlicht 06.11.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:33:12

Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally...

8.5

CVE-2019-12876

Exploit
  • EPSS 0.1%
  • Veröffentlicht 17.07.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:23:45

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

7.2

CVE-2019-12476

Exploit
  • EPSS 1.19%
  • Veröffentlicht 17.06.2019 18:15:10
  • Zuletzt bearbeitet 21.11.2024 04:22:56

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. Th...