Vulnerabilities > Zohocorp > Manageengine Adselfservice Plus > 5.3

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-30	CVE-2018-5353	Authentication Bypass by Spoofing vulnerability in Zohocorp Manageengine Adselfservice Plus The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. network low complexity zohocorp CWE-290	7.5
2020-08-31	CVE-2020-24786	Improper Authentication vulnerability in Zohocorp products An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. network low complexity zohocorp CWE-287 critical	9.8
2020-08-11	CVE-2020-11552	Improper Privilege Management vulnerability in Zohocorp Manageengine Adselfservice Plus An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. network low complexity zohocorp CWE-269 critical	10.0
2020-04-04	CVE-2020-11518	Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. network low complexity zohocorp	7.5
2019-12-18	CVE-2019-18781	Open Redirect vulnerability in Zohocorp Manageengine Adselfservice Plus An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site. network zohocorp CWE-601	5.8
2019-11-06	CVE-2019-18411	Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. network zohocorp CWE-352	6.8
2019-05-24	CVE-2019-8346	Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. network zohocorp CWE-79	4.3
2019-03-21	CVE-2019-7161	Inadequate Encryption Strength vulnerability in Zohocorp Manageengine Adselfservice Plus An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. network low complexity zohocorp CWE-326	5.0
2019-01-03	CVE-2019-3905	Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. network low complexity zohocorp CWE-918	7.5
2018-12-26	CVE-2018-20485	Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. network zohocorp CWE-79	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.