ZOHO ManageEngine ADSelfService Plus 授权问题漏洞

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6510 and prior versions that stems from improper session...

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 CVSS score: 9.8 - Teclib GLPI Remote Code Execution...

ZOHO ManageEngine ADSelfService Plus 输入验证错误漏洞

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The ZOHO ManageEngine ADSelfService Plus suffers from an input validation error vulnerability that stems from insufficient...

Vulnerability fixed in Zoho ManageEngine ADSelfService Plus

Zoho has fixed a vulnerability in ManageEngine ADSelfService Plus. An authenticated malicious person could potentially potentially exploit it to execute arbitrary code. The vulnerability is located in the password reset functionality. Systems are vulnerable only when custom scripts are enabled fo...

ZOHO ManageEngine ADSelfService Plus 安全漏洞

An information disclosure exists in Zoho ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A vulnerability exists in Zoho ManageEngine ADSelfService Plus, which stems from the disclosure of...

Zoho Corporation ADSelfService Plus 跨站脚本漏洞

Zoho Corporation ADSelfService Plus is a single management platform from Zoho Corporation, Inc. for complete self-service password management. Zoho Corporation ADSelfService Plus suffers from a cross-site scripting vulnerability that originates from Reset Password, Unlock Account and User Must...

ZOHO ManageEngine ADSelfService Plus SQL注入漏洞

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A SQL injection vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6111 and prior versions, which can be exploited by an...

ZOHO ManageEngine ADSelfService Plus Information Disclosure Vulnerability (CNVD-2020-04705)

ZOHO ManageEngine ADSelfService Plus is a Web-based end-user password management software from ZOHO. An information disclosure vulnerability exists in ZOHO ManageEngine ADSelfService Plus version 5.6 Build 5607, which can be exploited by an attacker to retrieve internal information about the syst...