Lucene search
K

425 matches found

Vulnrichment
Vulnrichment
added 2025/03/03 7:40 a.m.5 views

CVE-2025-1723 Account takeover

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

8.1CVSS8.2AI score0.01426EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.4 views

ZOHO ManageEngine ADSelfService Plus 授权问题漏洞

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6510 and prior versions that stems from improper session...

8.1CVSS9AI score0.01426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/26 12:0 a.m.6 views

PT-2025-9278 · Manageengine · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADSelfService Plus versions 6510 and below Description: The issue is related to session mishandling, which can lead to account takeover. Valid account holders in the setup only have the potential to exploit this bug. The...

8.5CVSS9.5AI score0.01426EPSS
Exploits0References24
RedhatCVE
RedhatCVE
added 2025/02/04 11:6 p.m.15 views

CVE-2024-0252

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

8.8CVSS7.9AI score0.07814EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/10/16 11:23 a.m.193 views

Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus

ADSelfService-Plus-RCE-CVE-2021-40539 ADSelfService Plus RCE...

9.8CVSS7.5AI score0.9896EPSS
Exploits8
GithubExploit
GithubExploit
added 2024/10/12 9:9 a.m.405 views

Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus

CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vuln...

9.8CVSS7.4AI score0.9896EPSS
Exploits8
GithubExploit
GithubExploit
added 2024/10/12 9:1 a.m.385 views

Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus

CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vulner...

9.8CVSS7.4AI score0.9896EPSS
Exploits8
BDU FSTEC
BDU FSTEC
added 2024/07/31 12:0 a.m.5 views

The vulnerability of the ManageEngine ADSelfService Plus software for password reset functions, due to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the ManageEngine ADSelfService Plus password reset software is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

5.3CVSS5.5AI score0.02274EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/05/27 6:15 p.m.3 views

CVE-2024-27310

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input...

6.5CVSS5.8AI score0.02274EPSS
Exploits0References1
NVD
NVD
added 2024/05/27 6:15 p.m.20 views

CVE-2024-27310

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input...

6.5CVSS5.3AI score0.02274EPSS
Exploits0References1
CVE
CVE
added 2024/05/27 5:26 p.m.84 views

CVE-2024-27310

CVE-2024-27310 affects Zoho ManageEngine ADSelfService Plus prior to version 6401. The vulnerability arises from malicious LDAP input causing a denial-of-service condition, impacting availability (per CVE metrics). Connected sources corroborate that versions below 6401 are vulnerable; no explicit...

6.5CVSS5.3AI score0.02274EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/27 5:26 p.m.18 views

CVE-2024-27310 DOS Vulnerability

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input...

5.3CVSS5.3AI score0.02274EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/27 5:26 p.m.28 views

CVE-2024-27310 DOS Vulnerability

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input...

5.3CVSS5.3AI score0.02274EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/27 12:0 a.m.2 views

ZOHO ManageEngine ADSelfService Plus 安全漏洞

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6401 and prior versions, which stems from susceptibility to...

6.5CVSS6.5AI score0.02274EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/02/12 12:0 a.m.4 views

The vulnerability of the ManageEngine ADSelfService Plus password reset software lies in the lack of authentication for a critical function, allowing attackers to escalate their privileges.

The vulnerability of the ManageEngine ADSelfService Plus password reset software lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker to gain elevated privileges remotely...

9CVSS7.6AI score0.07814EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/18 12:0 a.m.24 views

ManageEngine ADSelfService Plus < build 6402 Authenticated RCE

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6402. It is, therefore, affected by an authenticated remote code execution vulnerability in the load balancer component of ADSelfService Plus. All ADSelfService Plu...

8.8CVSS8.7AI score0.07814EPSS
Exploits0References2
OSV
OSV
added 2024/01/11 8:15 a.m.5 views

CVE-2024-0252

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

8.8CVSS6.3AI score0.07814EPSS
Exploits0References1
NVD
NVD
added 2024/01/11 8:15 a.m.25 views

CVE-2024-0252

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

8.8CVSS9.1AI score0.07814EPSS
Exploits0References1
Prion
Prion
added 2024/01/11 8:15 a.m.18 views

Remote code execution

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

6.5CVSS8.1AI score0.07814EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 7:57 a.m.2 views

CVE-2024-0252 Remote code execution

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

8.8CVSS9.1AI score0.07814EPSS
Exploits0References1
Rows per page
Query Builder