Vulnerabilities > Zohocorp > Manageengine Adselfservice Plus > 6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-37417 | Improper Authentication vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. | 9.8 |
| 2021-08-30 | CVE-2021-37421 | Insufficient Verification of Data Authenticity vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. | 9.8 |
| 2021-08-09 | CVE-2021-33256 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. | 8.8 |
| 2021-07-02 | CVE-2021-31874 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. | 5.9 |
| 2021-06-25 | CVE-2021-28958 | OS Command Injection vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. | 9.8 |
| 2021-05-20 | CVE-2021-27956 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field. | 6.1 |