Note:
This project will be discontinued after December 13, 2021.
Product: Manageengine_adselfservice_plus (Zohocorp)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 48 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-06-25 | CVE-2021-28958 | Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. | Manageengine_adselfservice_plus | 9.8 | ||
2021-07-02 | CVE-2021-31874 | Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. | Manageengine_adselfservice_plus | 5.9 | ||
2021-08-09 | CVE-2021-33256 | A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Report" as CSV file. Note: The vendor disputes this vulnerability, claiming "This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side." | Manageengine_adselfservice_plus | 8.8 | ||
2021-08-30 | CVE-2021-33055 | Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. | Manageengine_adselfservice_plus | 9.8 | ||
2021-08-30 | CVE-2021-37416 | Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. | Manageengine_adselfservice_plus | 6.1 | ||
2021-08-30 | CVE-2021-37417 | Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. | Manageengine_adselfservice_plus | 9.8 | ||
2021-08-30 | CVE-2021-37421 | Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. | Manageengine_adselfservice_plus | 9.8 | ||
2021-09-10 | CVE-2021-37423 | Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. | Manageengine_adselfservice_plus | 9.8 | ||
2021-09-10 | CVE-2021-37422 | Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | Manageengine_adselfservice_plus | 9.8 | ||
2022-01-03 | CVE-2021-20147 | ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists. | Manageengine_adselfservice_plus | 5.3 |