Vulnerabilities > Zohocorp > Manageengine Adselfservice Plus > 5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-30 | CVE-2018-5353 | Authentication Bypass by Spoofing vulnerability in Zohocorp Manageengine Adselfservice Plus The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. | 7.5 |
2020-08-31 | CVE-2020-24786 | Improper Authentication vulnerability in Zohocorp products An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. | 9.8 |
2020-08-11 | CVE-2020-11552 | Improper Privilege Management vulnerability in Zohocorp Manageengine Adselfservice Plus An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. | 10.0 |
2020-04-04 | CVE-2020-11518 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. | 7.5 |
2019-12-18 | CVE-2019-18781 | Open Redirect vulnerability in Zohocorp Manageengine Adselfservice Plus An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site. | 5.8 |
2019-11-06 | CVE-2019-18411 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. | 6.8 |
2019-06-17 | CVE-2019-12476 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zohocorp Manageengine Adselfservice Plus 4.5/5.0 An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. | 7.2 |
2019-05-24 | CVE-2019-8346 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. | 4.3 |
2019-03-21 | CVE-2019-7161 | Inadequate Encryption Strength vulnerability in Zohocorp Manageengine Adselfservice Plus An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. | 5.0 |
2019-01-03 | CVE-2019-3905 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | 7.5 |