
ManageEngine ADSelfService Plus

by Zohocorp

CVEs (24)

  • CVE-2026-2740 | High | May 21, 2026
    risk 0.55 | cvss 8.4 | epss 0.02

    Zohocorp ManageEngine ADSelfService Plus versions before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to authenticated remote code execution on the agent machines due to a bug in a third-party dependency.

  • CVE-2026-1367 | High | Feb 23, 2026
    risk 0.54 | cvss 8.3 | epss 0.08

    Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option.

  • CVE-2010-3274 | Feb 17, 2011
    risk 0.05 | cvss | epss 0.21

    Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or…

  • CVE-2022-29457 | Apr 18, 2022
    risk 0.04 | cvss | epss 0.08

    Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.

  • CVE-2018-20484 | Dec 26, 2018
    risk 0.03 | cvss | epss 0.05

    Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.

  • CVE-2018-20485 | Dec 26, 2018
    risk 0.03 | cvss | epss 0.05

    Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.

  • CVE-2011-5105 | Aug 23, 2012
    risk 0.03 | cvss | epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than…

  • CVE-2010-3272 | Feb 17, 2011
    risk 0.03 | cvss | epss 0.04

    accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1)…

  • CVE-2018-5353 | Sep 29, 2020
    risk 0.01 | cvss | epss 0.08

    The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable…

  • CVE-2019-7162 | Dec 31, 2019
    risk 0.01 | cvss | epss 0.04

    An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.

  • CVE-2025-11250 | Jan 13, 2026
    risk 0.00 | cvss | epss 0.01

    Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.

  • CVE-2025-3833 | May 14, 2025
    risk 0.00 | cvss | epss 0.28

    Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.

  • CVE-2025-1723 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.01

    Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to session mishandling. Only valid account holders in the setup have the potential to exploit this bug.

  • CVE-2024-27310 | May 27, 2024
    risk 0.00 | cvss | epss 0.02

    Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to a DoS attack due to malicious LDAP input.

  • CVE-2022-36413 | Mar 23, 2023
    risk 0.00 | cvss | epss 0.03

    Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.

  • CVE-2019-18781 | Dec 18, 2019
    risk 0.00 | cvss | epss 0.02

    An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.

  • CVE-2019-18411 | Nov 6, 2019
    risk 0.00 | cvss | epss 0.02

    Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the…

  • CVE-2019-12876 | Jul 17, 2019
    risk 0.00 | cvss | epss 0.05

    Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

  • CVE-2019-11511 | Apr 25, 2019
    risk 0.00 | cvss | epss 0.02

    Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.

  • CVE-2019-7161 | Mar 18, 2019
    risk 0.00 | cvss | epss 0.06

    An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.

Page 1 of 2