Vulnerabilities for 'Manageengine adselfservice plus'

2021-09-10
 
CVE-2021-37422

CWE-89
 

 
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.

 
 
CVE-2021-37423

NVD-CWE-noinfo
 

 
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.

 
2021-09-07
 
CVE-2021-40539

CWE-287
 

 
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

 
2021-08-30
 
CVE-2021-33055

CWE-78
 

 
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.

 
 
CVE-2021-37416

CWE-79
 

 
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.

 
 
CVE-2021-37417

CWE-20
 

 
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.

 
 
CVE-2021-37421

CWE-863
 

 
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.

 
2021-08-09
 
CVE-2021-33256

CWE-1236
 

 
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable, and a reverse shell could be obtained if a privileged user exports the "User Attempts Audit Report" as a CSV file.

 
2021-07-02
 
CVE-2021-31874

NVD-CWE-noinfo
 

 
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.

 
2021-06-25
 
CVE-2021-28958

CWE-287
 

 
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.

 


Copyright 2021, cxsecurity.com

 
