Zohocorp

Manageengine Adselfservice Plus

54 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-28958

  • EPSS 73.13%
  • Veröffentlicht 25.06.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:00:26

Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.

6.1

CVE-2021-27956

Exploit
  • EPSS 1.61%
  • Veröffentlicht 20.05.2021 18:15:07
  • Zuletzt bearbeitet 21.11.2024 05:58:54

Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.

6.1

CVE-2021-27214

Exploit
  • EPSS 2.04%
  • Veröffentlicht 19.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:57:36

A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attac...

9.8

CVE-2018-5353

Exploit
  • EPSS 8.1%
  • Veröffentlicht 30.09.2020 18:15:15
  • Zuletzt bearbeitet 21.11.2024 04:08:38

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An una...

10

CVE-2020-24786

  • EPSS 12.82%
  • Veröffentlicht 31.08.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:16:04

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build nu...

10

CVE-2020-11552

Exploit
  • EPSS 7.4%
  • Veröffentlicht 11.08.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:08

An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker ...

9.8

CVE-2020-11518

  • EPSS 18.79%
  • Veröffentlicht 04.04.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:58:03

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.

9.1

CVE-2019-7162

  • EPSS 4.05%
  • Veröffentlicht 31.12.2019 15:15:11
  • Zuletzt bearbeitet 30.05.2025 16:15:25

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.

6.1

CVE-2019-18781

  • EPSS 1.84%
  • Veröffentlicht 18.12.2019 22:15:13
  • Zuletzt bearbeitet 21.11.2024 04:33:33

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.

8.8

CVE-2019-18411

  • EPSS 2.34%
  • Veröffentlicht 06.11.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:33:12

Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally...