NVD:CVE-2019-18411
Nov 06, 2019 - 10:15 p.m.

CVE-2019-18411

2019-11-06 22:15:10
CWE-352
web.nvd.nist.gov

CVSS2: 6.8
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.8
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.9
Confidence: High

EPSS: 0.001
Percentile: 42.0%

Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users’ profile information page. Users who are attacked with this vulnerability are forced to unintentionally modify their enrolled information, such as email and mobile phone. Attackers could then use the reset password function and make the system send the authentication code to a channel that the attackers own.

Affected configurations

Nvd
Node
Vendor: zohocorp
Product: manageengine_adselfservice_plus
Match (OR across all entries), listed as version: CPE update values

5.0: 5000, 5001, 5002, 5010, 5011, 5020, 5021, 5022, 5030, 5032, 5040, 5041
5.1: 5100, 5101, 5102, 5103, 5104, 5105, 5106, 5107, 5108, 5109, 5110, 5111, 5112, 5113, 5114, 5115
5.2: 5200, 5201, 5202, 5203, 5204, 5205, 5206, 5207
5.3: 5300, 5301, 5302, 5303, 5304, 5305, 5306, 5307, 5308, 5309, 5310, 5311, 5312, 5313, 5314, 5315, 5316, 5317, 5318, 5319, 5320, 5321, 5322, 5323, 5324, 5325, 5326, 5327, 5328, 5329, 5330
5.4: 5400
5.5: 5500, 5501, 5502, 5503, 5504, 5505, 5506, 5507, 5508, 5509, 5510, 5511, 5512, 5513, 5514, 5515, 5516, 5517, 5518, 5519, 5520, 5521
5.6: 5600, 5601, 5602, 5603, 5604, 5605, 5606, 5607
5.7: 5702, 5704, 5705, 5706, 5707, 5708, 5709, 5710
5.8: 5800, 5801, 5802, 5803

Vendor    Product                          Version  CPE
zohocorp  manageengine_adselfservice_plus  5.0      cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*
zohocorp  manageengine_adselfservice_plus  5.0      cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*
zohocorp  manageengine_adselfservice_plus  5.0      cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*
zohocorp  manageengine_adselfservice_plus  5.0      cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*
zohocorp  manageengine_adselfservice_plus  5.0      cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*
zohocorp  manageengine_adselfservice_plus  5.0      cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*
zohocorp  manageengine_adselfservice_plus  5.0      cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*
zohocorp  manageengine_adselfservice_plus  5.0      cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*
zohocorp  manageengine_adselfservice_plus  5.0      cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*
zohocorp  manageengine_adselfservice_plus  5.0      cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*