Manageengine Adselfservice Plus

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-02	CVE-2021-31874	Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. network zohocorp	4.3
2021-06-25	CVE-2021-28958	OS Command Injection vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. network low complexity zohocorp CWE-78	7.5
2021-05-20	CVE-2021-27956	Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field. network zohocorp CWE-79	4.3
2021-02-19	CVE-2021-27214	Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus 6.0 A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. network zohocorp CWE-918	4.3
2020-09-30	CVE-2018-5353	Authentication Bypass by Spoofing vulnerability in Zohocorp Manageengine Adselfservice Plus The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. network low complexity zohocorp CWE-290	7.5
2020-08-31	CVE-2020-24786	Improper Authentication vulnerability in Zohocorp products An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. network low complexity zohocorp CWE-287 critical	9.8
2020-08-11	CVE-2020-11552	Improper Privilege Management vulnerability in Zohocorp Manageengine Adselfservice Plus An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. network low complexity zohocorp CWE-269 critical	10.0
2020-04-04	CVE-2020-11518	Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. network low complexity zohocorp	7.5
2019-12-31	CVE-2019-7162	Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus 5.6 An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. network low complexity zohocorp	6.4
2019-12-18	CVE-2019-18781	Open Redirect vulnerability in Zohocorp Manageengine Adselfservice Plus An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site. network zohocorp CWE-601	5.8