Vulnerabilities > Zohocorp > Manageengine Adselfservice Plus > 5.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2024-0252 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. | 8.8 |
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2023-06-20 | CVE-2023-35854 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. | 9.8 |
| 2023-01-18 | CVE-2022-47966 | Unspecified vulnerability in Zohocorp products Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. | 9.8 |
| 2022-07-04 | CVE-2022-34829 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. | 5.0 |
| 2022-04-18 | CVE-2022-29457 | Insufficiently Protected Credentials vulnerability in Zohocorp products Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | 8.8 |
| 2022-04-18 | CVE-2022-28810 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. | 6.8 |
| 2022-04-07 | CVE-2022-24681 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | 6.1 |
| 2022-01-03 | CVE-2021-20147 | Information Exposure Through Discrepancy vulnerability in Zohocorp Manageengine Adselfservice Plus ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. | 5.0 |
| 2022-01-03 | CVE-2021-20148 | Files or Directories Accessible to External Parties vulnerability in Zohocorp Manageengine Adselfservice Plus ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. | 4.3 |