Manageengine Adselfservice Plus
by Zohocorp
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20664 | 0.00 | — | 0.08 | Jan 3, 2019 | Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | |||
| CVE-2019-3905 | 0.00 | — | 0.03 | Jan 3, 2019 | Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | |||
| CVE-2014-3779 | 0.00 | — | 0.04 | Jan 7, 2015 | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do. | |||
| CVE-2010-3273 | 0.00 | — | 0.03 | Feb 17, 2011 | ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. |
- CVE-2018-20664Jan 3, 2019risk 0.00cvss —epss 0.08
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
- CVE-2019-3905Jan 3, 2019risk 0.00cvss —epss 0.03
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
- CVE-2014-3779Jan 7, 2015risk 0.00cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.
- CVE-2010-3273Feb 17, 2011risk 0.00cvss —epss 0.03
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
Page 2 of 2