Vulnerabilities > Zohocorp > Manageengine Adselfservice Plus

DATE CVE VULNERABILITY TITLE RISK
2020-04-04 CVE-2020-11518 Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
network
low complexity
zohocorp
critical
 9.8
9.8
2019-12-31 CVE-2019-7162 Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus 5.6
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607.
network
low complexity
zohocorp
critical
 9.1
9.1
2019-12-18 CVE-2019-18781 Open Redirect vulnerability in Zohocorp Manageengine Adselfservice Plus
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
network
low complexity
zohocorp CWE-601
6.1
6.1
2019-11-06 CVE-2019-18411 Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page.
network
low complexity
zohocorp CWE-352
8.8
8.8
2019-07-17 CVE-2019-12876 Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
local
low complexity
zohocorp CWE-732
7.3
7.3
2019-06-17 CVE-2019-12476 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zohocorp Manageengine Adselfservice Plus 4.5/5.0
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser.
low complexity
zohocorp CWE-640
6.8
6.8
2019-05-24 CVE-2019-8346 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-04-25 CVE-2019-11511 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-03-21 CVE-2019-7161 Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704.
network
low complexity
zohocorp CWE-798
7.5
7.5
2019-01-03 CVE-2019-3905 Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
network
low complexity
zohocorp CWE-918
critical
 10.0
10