Lucene search
K

426 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.6 views

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...

4.3CVSS7AI score0.01116EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:33 p.m.4 views

CVE-2021-33256

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The jusername parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...

9.3CVSS7.2AI score0.79003EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 p.m.8 views

CVE-2021-37422

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases...

9.8CVSS8.1AI score0.03432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 p.m.8 views

CVE-2021-37424

ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover...

9.8CVSS6.9AI score0.04622EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 p.m.6 views

CVE-2021-37423

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover...

9.8CVSS6.9AI score0.02827EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 p.m.7 views

CVE-2021-37416

Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page...

6.1CVSS6AI score0.02934EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 p.m.9 views

CVE-2021-20147

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists...

5.3CVSS7AI score0.069EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:40 p.m.8 views

CVE-2021-37420

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing...

6.5CVSS6.9AI score0.01856EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:23 p.m.7 views

CVE-2020-11518

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution...

9.8CVSS9.7AI score0.1879EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 a.m.5 views

CVE-2019-12476

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboa...

7.2CVSS7.3AI score0.0153EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2025/05/15 12:0 a.m.5 views

ManageEngine ADSelfService Plus < build 6514 SQLi

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6514. It is, therefore, affected by an authenticated SQL injection vulnerability in the MFA reports. Note that Nessus has not tested for this issue but has instead...

8.1CVSS5.8AI score0.27766EPSS
Exploits0References2
NCSC
NCSC
added 2025/05/14 1:19 p.m.35 views

Vulnerabilities fixed in Zoho ManageEngine

Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...

8.1CVSS7.5AI score0.27766EPSS
Exploits0References2
OSV
OSV
added 2025/05/14 11:16 a.m.5 views

CVE-2025-3833

Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...

8.1CVSS5.8AI score0.27766EPSS
Exploits0References1
NVD
NVD
added 2025/05/14 11:16 a.m.21 views

CVE-2025-3833

Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...

8.1CVSS0.27766EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/14 11:0 a.m.4 views

CVE-2025-3833 SQL Injection

Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...

8.1CVSS8.6AI score0.27766EPSS
Exploits0References1
CVE
CVE
added 2025/05/14 11:0 a.m.48 views

CVE-2025-3833

CVE-2025-3833 affects Zoho ManageEngine ADSelfService Plus (older builds 6513 and earlier). The issue is an authenticated SQL injection in the MFA reports component caused by improper handling of SQL queries, which could lead to unauthorized data exposure or access. Several sources confirm the vu...

8.1CVSS8.4AI score0.27766EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.4 views

ZOHO ManageEngine ADSelfService Plus SQL注入漏洞

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6513 and prior versions, which stems from an MFA report of...

8.1CVSS7.2AI score0.27766EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/03/07 12:0 a.m.8 views

The vulnerability of the ManageEngine ADSelfService Plus password reset software, related to deficiencies in authentication procedures, allows a malicious individual to gain access to user accounts.

The vulnerability of the ManageEngine ADSelfService Plus password reset software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to user accounts remotely...

8.5CVSS8AI score0.01426EPSS
Exploits0References2Affected Software1
NCSC
NCSC
added 2025/03/03 2:11 p.m.7 views

Vulnerability fixed in Zohocorp ManageEngine ADSelfService Plus

Zohocorp has fixed a vulnerability in ManageEngine ADSelfService Plus Specifically for versions 6510 and earlier. The vulnerability is in the way sessions are managed in ManageEngine ADSelfService Plus. This issue allows valid account holders to abuse the system, which can lead to possible accoun...

8.1CVSS6.9AI score0.01426EPSS
Exploits0References1
OSV
OSV
added 2025/03/03 8:15 a.m.5 views

CVE-2025-1723

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

8.1CVSS5.8AI score0.01426EPSS
Exploits0References1
Rows per page
Query Builder