Zohocorp

Manageengine Adselfservice Plus

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2020-24786

  • EPSS 6.78%
  • Veröffentlicht 31.08.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:16:04

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build nu...

10

CVE-2020-11552

Exploit
  • EPSS 5.32%
  • Veröffentlicht 11.08.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:08

An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker ...

9.8

CVE-2020-11518

  • EPSS 9.64%
  • Veröffentlicht 04.04.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:58:03

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.

9.1

CVE-2019-7162

  • EPSS 7.78%
  • Veröffentlicht 31.12.2019 15:15:11
  • Zuletzt bearbeitet 30.05.2025 16:15:25

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.

6.1

CVE-2019-18781

  • EPSS 0.41%
  • Veröffentlicht 18.12.2019 22:15:13
  • Zuletzt bearbeitet 21.11.2024 04:33:33

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.

8.8

CVE-2019-18411

  • EPSS 0.17%
  • Veröffentlicht 06.11.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:33:12

Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally...

8.5

CVE-2019-12876

Exploit
  • EPSS 0.11%
  • Veröffentlicht 17.07.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:23:45

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

7.2

CVE-2019-12476

Exploit
  • EPSS 1.22%
  • Veröffentlicht 17.06.2019 18:15:10
  • Zuletzt bearbeitet 21.11.2024 04:22:56

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. Th...

6.1

CVE-2019-8346

  • EPSS 5.64%
  • Veröffentlicht 24.05.2019 17:29:06
  • Zuletzt bearbeitet 21.11.2024 04:49:43

In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use...

6.1

CVE-2019-11511

  • EPSS 2.6%
  • Veröffentlicht 25.04.2019 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:14

Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.