124 matches found
Vulnerabilities fixed in Zoho ManageEngine
Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...
CVE-2025-3833
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...
ZOHO ManageEngine ADSelfService Plus SQL注入漏洞
ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6513 and prior versions, which stems from an MFA report of...
The vulnerability of the ManageEngine ADSelfService Plus password reset software, related to deficiencies in authentication procedures, allows a malicious individual to gain access to user accounts.
The vulnerability of the ManageEngine ADSelfService Plus password reset software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to user accounts remotely...
CVE-2025-1723
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...
CVE-2025-1723 Account takeover
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...
PT-2025-9278 · Manageengine · Zoho Manageengine Adselfservice Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADSelfService Plus versions 6510 and below Description: The issue is related to session mishandling, which can lead to account takeover. Valid account holders in the setup only have the potential to exploit this bug. The...
CVE-2024-0252
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...
Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus
ADSelfService-Plus-RCE-CVE-2021-40539 ADSelfService Plus RCE...
The vulnerability of the ManageEngine ADSelfService Plus software for password reset functions, due to uncontrolled resource consumption, allows a hacker to trigger a service failure.
The vulnerability of the ManageEngine ADSelfService Plus password reset software is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the ManageEngine ADSelfService Plus password reset software lies in the lack of authentication for a critical function, allowing attackers to escalate their privileges.
The vulnerability of the ManageEngine ADSelfService Plus password reset software lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker to gain elevated privileges remotely...
CVE-2024-0252
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...
Remote code execution
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...
CVE-2024-0252 Remote code execution
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...
CVE-2024-0252 Remote code execution
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...
CVE-2023-35719
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not...
CVE-2023-35719 ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not...
ZOHO ManageEngine ADSelfService Plus Data Forgery Issue Vulnerability
ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A data forgery vulnerability exists in ZOHO ManageEngine ADSelfService Plus that stems from a lack of proper authentication of data...
PT-2023-25291 · Zoho · Zoho Manageengine Adselfservice Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADSelfService Plus affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required...
(0Day) ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue...