Lucene search
K

124 matches found

ncsc
ncsc
added 2025/05/14 1:19 p.m.36 views

Vulnerabilities fixed in Zoho ManageEngine

Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...

8.1CVSS7.5AI score0.27766EPSS
Exploits0References2
osv
osv
added 2025/05/14 11:16 a.m.5 views

CVE-2025-3833

Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...

8.1CVSS5.8AI score0.27766EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/05/14 12:0 a.m.4 views

ZOHO ManageEngine ADSelfService Plus SQL注入漏洞

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6513 and prior versions, which stems from an MFA report of...

8.1CVSS7.2AI score0.27766EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2025/03/07 12:0 a.m.9 views

The vulnerability of the ManageEngine ADSelfService Plus password reset software, related to deficiencies in authentication procedures, allows a malicious individual to gain access to user accounts.

The vulnerability of the ManageEngine ADSelfService Plus password reset software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to user accounts remotely...

8.5CVSS8AI score0.01426EPSS
Exploits0References2Affected Software1
osv
osv
added 2025/03/03 8:15 a.m.5 views

CVE-2025-1723

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

8.1CVSS5.8AI score0.01426EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/03/03 7:40 a.m.5 views

CVE-2025-1723 Account takeover

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

8.1CVSS8.2AI score0.01426EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/02/26 12:0 a.m.7 views

PT-2025-9278 · Manageengine · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADSelfService Plus versions 6510 and below Description: The issue is related to session mishandling, which can lead to account takeover. Valid account holders in the setup only have the potential to exploit this bug. The...

8.5CVSS9.5AI score0.01426EPSS
Exploits0References24
redhatcve
redhatcve
added 2025/02/04 11:6 p.m.15 views

CVE-2024-0252

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

8.8CVSS7.9AI score0.07814EPSS
Exploits0References1
githubexploit
githubexploit
added 2024/10/16 11:23 a.m.249 views

Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus

ADSelfService-Plus-RCE-CVE-2021-40539 ADSelfService Plus RCE...

9.8CVSS7.5AI score0.9896EPSS
Exploits8
bdu_fstec
bdu_fstec
added 2024/07/31 12:0 a.m.7 views

The vulnerability of the ManageEngine ADSelfService Plus software for password reset functions, due to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the ManageEngine ADSelfService Plus password reset software is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

5.3CVSS5.5AI score0.02274EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2024/02/12 12:0 a.m.6 views

The vulnerability of the ManageEngine ADSelfService Plus password reset software lies in the lack of authentication for a critical function, allowing attackers to escalate their privileges.

The vulnerability of the ManageEngine ADSelfService Plus password reset software lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker to gain elevated privileges remotely...

9CVSS7.6AI score0.07814EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2024/01/11 8:15 a.m.25 views

CVE-2024-0252

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

8.8CVSS9.1AI score0.07814EPSS
Exploits0References1
prion
prion
added 2024/01/11 8:15 a.m.18 views

Remote code execution

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

6.5CVSS8.1AI score0.07814EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2024/01/11 7:57 a.m.2 views

CVE-2024-0252 Remote code execution

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

8.8CVSS9.1AI score0.07814EPSS
Exploits0References1
cvelist
cvelist
added 2024/01/11 7:57 a.m.44 views

CVE-2024-0252 Remote code execution

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

8.8CVSS9.3AI score0.07814EPSS
Exploits0References1
attackerkb
attackerkb
added 2023/09/06 5:15 a.m.6 views

CVE-2023-35719

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not...

6.8CVSS7.1AI score0.26426EPSS
Exploits0References3
cvelist
cvelist
added 2023/09/06 4:3 a.m.36 views

CVE-2023-35719 ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not...

6.8CVSS7.2AI score0.26426EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/09/06 12:0 a.m.4 views

ZOHO ManageEngine ADSelfService Plus Data Forgery Issue Vulnerability

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A data forgery vulnerability exists in ZOHO ManageEngine ADSelfService Plus that stems from a lack of proper authentication of data...

6.8CVSS7.5AI score0.26426EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2023/06/21 12:0 a.m.4 views

PT-2023-25291 · Zoho · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine ADSelfService Plus affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required...

6.8CVSS7.1AI score0.26426EPSS
Exploits0References8
zdi
zdi
added 2023/06/21 12:0 a.m.27 views

(0Day) ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue...

6.8CVSS7.6AI score0.26426EPSS
Exploits0
Rows per page
Query Builder