Medium severity6.1NVD Advisory· Published Feb 19, 2021· Updated Jun 17, 2026
CVE-2021-27214
CVE-2021-27214
Description
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Zoho/ManageEngine ADSelfService Plusdescription
- Range: <=6013
- Range: <=6013
Patches
Vulnerability mechanics
References
2- www.horizonsecurity.it/lang_EN/advisories/nvdExploitThird Party Advisory
- www.manageengine.com/products/self-service-password/release-notes.htmlnvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.