Vulnerabilites related to zohocorp - manageengine_adselfservice_plus
cve-2020-11518
Vulnerability from cvelistv5
Published
2020-04-04 13:25
Modified
2024-08-04 11:35
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:35:12.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-04T13:25:34", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11518", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-11518", datePublished: "2020-04-04T13:25:34", dateReserved: "2020-04-04T00:00:00", dateUpdated: "2024-08-04T11:35:12.999Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6105
Vulnerability from cvelistv5
Published
2023-11-15 20:57
Modified
2025-02-13 17:26
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ManageEngine | Service Desk Plus |
Version: 0 < 14304 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:21:17.671Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2023-35", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Service Desk Plus", vendor: "ManageEngine", versions: [ { lessThan: "14304", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Asset Explorer", vendor: "ManageEngine", versions: [ { lessThan: "7004", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Access Manager Plus", vendor: "ManageEngine", versions: [ { lessThan: "14304", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.<br>", }, ], value: "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.", }, ], impacts: [ { capecId: "CAPEC-176", descriptions: [ { lang: "en", value: "CAPEC-176 Configuration/Environment Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T19:58:04.015Z", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { url: "https://www.tenable.com/security/research/tra-2023-35", }, { url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html", }, ], source: { discovery: "UNKNOWN", }, title: "ManageEngine Information Disclosure in Multiple Products", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2023-6105", datePublished: "2023-11-15T20:57:47.981Z", dateReserved: "2023-11-13T15:10:28.339Z", dateUpdated: "2025-02-13T17:26:03.759Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18411
Vulnerability from cvelistv5
Published
2019-11-06 21:48
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:54:14.115Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-11-03T00:00:00", descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-06T21:48:40", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18411", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae", refsource: "MISC", url: "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18411", datePublished: "2019-11-06T21:48:40", dateReserved: "2019-10-24T00:00:00", dateUpdated: "2024-08-05T01:54:14.115Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-5353
Vulnerability from cvelistv5
Published
2020-09-29 20:07
Modified
2024-08-05 05:33
Severity ?
EPSS score ?
Summary
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/self-service-password/release-notes.html | x_refsource_MISC | |
| http://zoho.com | x_refsource_MISC | |
| https://github.com/missing0x00/CVE-2018-5353 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T05:33:44.213Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://zoho.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/missing0x00/CVE-2018-5353", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-29T20:07:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_MISC", ], url: "http://zoho.com", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/missing0x00/CVE-2018-5353", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-5353", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/release-notes.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { name: "http://zoho.com", refsource: "MISC", url: "http://zoho.com", }, { name: "https://github.com/missing0x00/CVE-2018-5353", refsource: "MISC", url: "https://github.com/missing0x00/CVE-2018-5353", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-5353", datePublished: "2020-09-29T20:07:22", dateReserved: "2018-01-12T00:00:00", dateUpdated: "2024-08-05T05:33:44.213Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29457
Vulnerability from cvelistv5
Published
2022-04-18 19:47
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:26:05.167Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-11T19:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-29457", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/release-notes.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { name: "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability", refsource: "MISC", url: "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability", }, { name: "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-29457", datePublished: "2022-04-18T19:47:07", dateReserved: "2022-04-18T00:00:00", dateUpdated: "2024-08-03T06:26:05.167Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37423
Vulnerability from cvelistv5
Published
2021-09-10 14:55
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:16:03.992Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-10T14:55:33", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-37423", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-37423", datePublished: "2021-09-10T14:55:33", dateReserved: "2021-07-23T00:00:00", dateUpdated: "2024-08-04T01:16:03.992Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-3273
Vulnerability from cvelistv5
Published
2011-02-17 17:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65348 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/43241 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2011/0392 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/516396/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/8089 | third-party-advisory, x_refsource_SREASON | |
| http://www.osvdb.org/70869 | vdb-entry, x_refsource_OSVDB | |
| http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities | x_refsource_MISC | |
| http://www.securityfocus.com/bid/46331 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:03:18.891Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "adselfservice-resetresult-security-bypass(65348)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348", }, { name: "43241", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/43241", }, { name: "ADV-2011-0392", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { name: "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { name: "8089", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/8089", }, { name: "70869", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/70869", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { name: "46331", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/46331", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-02-10T00:00:00", descriptions: [ { lang: "en", value: "ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-10T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "adselfservice-resetresult-security-bypass(65348)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348", }, { name: "43241", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/43241", }, { name: "ADV-2011-0392", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { name: "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { name: "8089", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/8089", }, { name: "70869", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/70869", }, { tags: [ "x_refsource_MISC", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { name: "46331", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/46331", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-3273", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "adselfservice-resetresult-security-bypass(65348)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348", }, { name: "43241", refsource: "SECUNIA", url: "http://secunia.com/advisories/43241", }, { name: "ADV-2011-0392", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2011/0392", }, { name: "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { name: "8089", refsource: "SREASON", url: "http://securityreason.com/securityalert/8089", }, { name: "70869", refsource: "OSVDB", url: "http://www.osvdb.org/70869", }, { name: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", refsource: "MISC", url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { name: "46331", refsource: "BID", url: "http://www.securityfocus.com/bid/46331", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-3273", datePublished: "2011-02-17T17:00:00", dateReserved: "2010-09-09T00:00:00", dateUpdated: "2024-08-07T03:03:18.891Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-34829
Vulnerability from cvelistv5
Published
2022-07-04 19:25
Modified
2024-08-03 09:22
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:22:10.698Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-04T19:25:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-34829", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-34829", datePublished: "2022-07-04T19:25:01", dateReserved: "2022-06-29T00:00:00", dateUpdated: "2024-08-03T09:22:10.698Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-7161
Vulnerability from cvelistv5
Published
2019-03-18 20:39
Modified
2024-08-04 20:38
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/ | x_refsource_MISC | |
| https://www.manageengine.com/products/self-service-password/release-notes.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:38:33.486Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-19T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-18T20:39:46", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-7161", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/", refsource: "MISC", url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/", }, { name: "https://www.manageengine.com/products/self-service-password/release-notes.html", refsource: "CONFIRM", url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-7161", datePublished: "2019-03-18T20:39:46", dateReserved: "2019-01-29T00:00:00", dateUpdated: "2024-08-04T20:38:33.486Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28342
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-13 16:00
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:25.055Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://manageengine.com", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-28342", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-13T15:41:59.324267Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-13T16:00:12.940Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-05T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://manageengine.com", }, { url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-28342", datePublished: "2023-04-05T00:00:00.000Z", dateReserved: "2023-03-14T00:00:00.000Z", dateUpdated: "2025-02-13T16:00:12.940Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27956
Vulnerability from cvelistv5
Published
2021-05-20 17:55
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://raxis.com/blog/cve-2021-27956-manage-engine-xss | x_refsource_MISC | |
| https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://raxis.com/blog/cve-2021-27956-manage-engine-xss", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-20T17:55:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com", }, { tags: [ "x_refsource_MISC", ], url: "https://raxis.com/blog/cve-2021-27956-manage-engine-xss", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27956", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com", refsource: "MISC", url: "https://www.manageengine.com", }, { name: "https://raxis.com/blog/cve-2021-27956-manage-engine-xss", refsource: "MISC", url: "https://raxis.com/blog/cve-2021-27956-manage-engine-xss", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", refsource: "CONFIRM", url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27956", datePublished: "2021-05-20T17:55:22", dateReserved: "2021-03-04T00:00:00", dateUpdated: "2024-08-03T21:33:17.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20147
Vulnerability from cvelistv5
Published
2022-01-03 21:07
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-52 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageEngine ADSelfService Plus |
Version: < 6116 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.495Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2021-52", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ManageEngine ADSelfService Plus", vendor: "n/a", versions: [ { status: "affected", version: "< 6116", }, ], }, ], descriptions: [ { lang: "en", value: "ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.", }, ], problemTypes: [ { descriptions: [ { description: "Observable Response Discrepancy", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-03T21:07:10", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2021-52", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnreport@tenable.com", ID: "CVE-2021-20147", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ManageEngine ADSelfService Plus", version: { version_data: [ { version_value: "< 6116", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Observable Response Discrepancy", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tenable.com/security/research/tra-2021-52", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2021-52", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2021-20147", datePublished: "2022-01-03T21:07:10", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.495Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28810
Vulnerability from cvelistv5
Published
2022-04-18 12:22
Modified
2025-01-29 16:33
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:03:52.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rapid7/metasploit-framework/pull/16475", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-28810", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T16:32:49.670627Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-03-07", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-28810", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-798", description: "CWE-798 Use of Hard-coded Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T16:33:13.223Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-21T17:52:55.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/rapid7/metasploit-framework/pull/16475", }, { tags: [ "x_refsource_MISC", ], url: "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28810", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html", }, { name: "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html", }, { name: "https://github.com/rapid7/metasploit-framework/pull/16475", refsource: "MISC", url: "https://github.com/rapid7/metasploit-framework/pull/16475", }, { name: "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/", refsource: "MISC", url: "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28810", datePublished: "2022-04-18T12:22:59.000Z", dateReserved: "2022-04-08T00:00:00.000Z", dateUpdated: "2025-01-29T16:33:13.223Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33055
Vulnerability from cvelistv5
Published
2021-08-30 18:12
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.stmcyber.com/vulns/cve-2021-33055/ | x_refsource_MISC | |
| https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:42:19.123Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.stmcyber.com/vulns/cve-2021-33055/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-30T18:12:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://blog.stmcyber.com/vulns/cve-2021-33055/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-33055", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.stmcyber.com/vulns/cve-2021-33055/", refsource: "MISC", url: "https://blog.stmcyber.com/vulns/cve-2021-33055/", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released", refsource: "CONFIRM", url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33055", datePublished: "2021-08-30T18:12:17", dateReserved: "2021-05-17T00:00:00", dateUpdated: "2024-08-03T23:42:19.123Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35719
Vulnerability from cvelistv5
Published
2023-09-06 04:03
Modified
2024-09-26 20:24
Severity ?
EPSS score ?
Summary
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-891 | x_research-advisory | |
| https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADSelfService Plus |
Version: 6.1 Build 6122 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.487Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Zero Day Initiative Security Advisory ZDI-23-891", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-891", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35719", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T20:23:54.363071Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:24:03.273Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "ADSelfService Plus", vendor: "ManageEngine", versions: [ { status: "affected", version: "6.1 Build 6122", }, ], }, ], dateAssigned: "2023-06-15T15:31:13.921-05:00", datePublic: "2023-06-21T15:20:55.928-05:00", descriptions: [ { lang: "en", value: "ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-345", description: "CWE-345: Insufficient Verification of Data Authenticity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-15T19:54:06.718Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "Zero Day Initiative Security Advisory ZDI-23-891", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-891", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", ], url: "https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html", }, ], source: { lang: "en", value: "Pedro Ribeiro (pedrib@gmail.com | @pedrib1337), João Bigotte and Ashley King from Agile Information Security", }, title: "ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-35719", datePublished: "2023-09-06T04:03:08.608Z", dateReserved: "2023-06-15T20:23:02.753Z", dateUpdated: "2024-09-26T20:24:03.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-3272
Vulnerability from cvelistv5
Published
2011-02-17 17:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43241 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2011/0392 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/516396/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/8089 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65350 | vdb-entry, x_refsource_XF | |
| http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities | x_refsource_MISC | |
| http://www.securityfocus.com/bid/46331 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/70870 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:03:18.912Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "43241", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/43241", }, { name: "ADV-2011-0392", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { name: "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { name: "8089", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/8089", }, { name: "adselfservice-pwr-weak-security(65350)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { name: "46331", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/46331", }, { name: "70870", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/70870", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-02-10T00:00:00", descriptions: [ { lang: "en", value: "accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-10T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "43241", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/43241", }, { name: "ADV-2011-0392", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { name: "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { name: "8089", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/8089", }, { name: "adselfservice-pwr-weak-security(65350)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350", }, { tags: [ "x_refsource_MISC", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { name: "46331", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/46331", }, { name: "70870", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/70870", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-3272", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "43241", refsource: "SECUNIA", url: "http://secunia.com/advisories/43241", }, { name: "ADV-2011-0392", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2011/0392", }, { name: "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { name: "8089", refsource: "SREASON", url: "http://securityreason.com/securityalert/8089", }, { name: "adselfservice-pwr-weak-security(65350)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350", }, { name: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", refsource: "MISC", url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { name: "46331", refsource: "BID", url: "http://www.securityfocus.com/bid/46331", }, { name: "70870", refsource: "OSVDB", url: "http://www.osvdb.org/70870", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-3272", datePublished: "2011-02-17T17:00:00", dateReserved: "2010-09-09T00:00:00", dateUpdated: "2024-08-07T03:03:18.912Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28987
Vulnerability from cvelistv5
Published
2022-05-20 02:10
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:58.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-01T23:36:53", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py", }, { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28987", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md", refsource: "MISC", url: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md", }, { name: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py", refsource: "MISC", url: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py", }, { name: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28987", datePublished: "2022-05-20T02:10:39", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:58.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12476
Vulnerability from cvelistv5
Published
2019-06-17 17:02
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3 | x_refsource_MISC | |
| https://github.com/0katz/CVE-2019-12476 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108813 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.467Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/0katz/CVE-2019-12476", }, { name: "108813", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108813", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-19T07:06:04", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/0katz/CVE-2019-12476", }, { name: "108813", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108813", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12476", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3", refsource: "MISC", url: "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3", }, { name: "https://github.com/0katz/CVE-2019-12476", refsource: "MISC", url: "https://github.com/0katz/CVE-2019-12476", }, { name: "108813", refsource: "BID", url: "http://www.securityfocus.com/bid/108813", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12476", datePublished: "2019-06-17T17:02:28", dateReserved: "2019-05-30T00:00:00", dateUpdated: "2024-08-04T23:24:38.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33256
Vulnerability from cvelistv5
Published
2021-08-09 13:28
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Report" as CSV file. Note: The vendor disputes this vulnerability, claiming "This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:42:20.271Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports \"User Attempts Audit Report\" as CSV file. Note: The vendor disputes this vulnerability, claiming \"This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-25T18:14:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-33256", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports \"User Attempts Audit Report\" as CSV file. Note: The vendor disputes this vulnerability, claiming \"This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection", refsource: "MISC", url: "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33256", datePublished: "2021-08-09T13:28:42", dateReserved: "2021-05-20T00:00:00", dateUpdated: "2024-08-03T23:42:20.271Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24681
Vulnerability from cvelistv5
Published
2022-04-07 21:49
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
References
| ▼ | URL | Tags |
|---|---|---|
| https://manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html | x_refsource_CONFIRM | |
| https://raxis.com/blog/cve-2022-24681 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:20:49.188Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://manageengine.com", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://raxis.com/blog/cve-2022-24681", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-17T17:34:55", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://manageengine.com", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html", }, { tags: [ "x_refsource_MISC", ], url: "https://raxis.com/blog/cve-2022-24681", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-24681", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://manageengine.com", refsource: "MISC", url: "https://manageengine.com", }, { name: "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html", refsource: "CONFIRM", url: "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html", }, { name: "https://raxis.com/blog/cve-2022-24681", refsource: "MISC", url: "https://raxis.com/blog/cve-2022-24681", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-24681", datePublished: "2022-04-07T21:49:29", dateReserved: "2022-02-09T00:00:00", dateUpdated: "2024-08-03T04:20:49.188Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-40539
Vulnerability from cvelistv5
Published
2021-09-07 16:06
Modified
2025-02-03 15:46
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:44:10.872Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-40539", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T14:10:08.314401Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-40539", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T15:46:32.217Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-27T06:06:14.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com", }, { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-40539", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com", refsource: "MISC", url: "https://www.manageengine.com", }, { name: "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html", }, { name: "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-40539", datePublished: "2021-09-07T16:06:58.000Z", dateReserved: "2021-09-06T00:00:00.000Z", dateUpdated: "2025-02-03T15:46:32.217Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20485
Vulnerability from cvelistv5
Published
2018-12-26 18:00
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:17.357Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-12-26T00:00:00", descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-10T17:06:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20485", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/release-notes.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { name: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20485", datePublished: "2018-12-26T18:00:00", dateReserved: "2018-12-26T00:00:00", dateUpdated: "2024-08-05T12:05:17.357Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37417
Vulnerability from cvelistv5
Published
2021-08-30 18:25
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.stmcyber.com/vulns/cve-2021-37417/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:16:04.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37417/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-30T18:25:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37417/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-37417", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.stmcyber.com/vulns/cve-2021-37417/", refsource: "MISC", url: "https://blog.stmcyber.com/vulns/cve-2021-37417/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-37417", datePublished: "2021-08-30T18:25:43", dateReserved: "2021-07-23T00:00:00", dateUpdated: "2024-08-04T01:16:04.041Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35854
Vulnerability from cvelistv5
Published
2023-06-20 00:00
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-35854", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-08T15:00:20.719051Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-08T15:00:38.286Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T16:30:45.400Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.manageengine.com", }, { tags: [ "x_transferred", ], url: "https://github.com/970198175/Simply-use", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have \"found no evidence or detail of a security vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-18T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.manageengine.com", }, { url: "https://github.com/970198175/Simply-use", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-35854", datePublished: "2023-06-20T00:00:00", dateReserved: "2023-06-19T00:00:00", dateUpdated: "2024-08-02T16:30:45.400Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20148
Vulnerability from cvelistv5
Published
2022-01-03 21:07
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-52 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageEngine ADSelfService Plus |
Version: < 6116 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2021-52", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ManageEngine ADSelfService Plus", vendor: "n/a", versions: [ { status: "affected", version: "< 6116", }, ], }, ], descriptions: [ { lang: "en", value: "ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.", }, ], problemTypes: [ { descriptions: [ { description: "Storage of File with Sensitive Data Under Web Root", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-03T21:07:11", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2021-52", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnreport@tenable.com", ID: "CVE-2021-20148", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ManageEngine ADSelfService Plus", version: { version_data: [ { version_value: "< 6116", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Storage of File with Sensitive Data Under Web Root", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tenable.com/security/research/tra-2021-52", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2021-52", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2021-20148", datePublished: "2022-01-03T21:07:11", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.423Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36413
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2025-02-25 15:43
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:07:33.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-36413.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-36413", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T15:43:26.930131Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T15:43:43.118Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-23T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-36413.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36413", datePublished: "2023-03-23T00:00:00.000Z", dateReserved: "2022-07-23T00:00:00.000Z", dateUpdated: "2025-02-25T15:43:43.118Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11511
Vulnerability from cvelistv5
Published
2019-04-25 02:38
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:55:40.725Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5708", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-03T19:49:33", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5708", }, { tags: [ "x_refsource_MISC", ], url: "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-11511", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/release-notes.html#5708", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5708", }, { name: "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/", refsource: "MISC", url: "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-11511", datePublished: "2019-04-25T02:38:33", dateReserved: "2019-04-24T00:00:00", dateUpdated: "2024-08-04T22:55:40.725Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3905
Vulnerability from cvelistv5
Published
2019-01-03 18:00
Modified
2024-08-04 19:26
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/self-service-password/release-notes.html#5703 | x_refsource_CONFIRM | |
| https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:26.644Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5703", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-03T00:00:00", descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-29T18:56:04", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5703", }, { tags: [ "x_refsource_MISC", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-3905", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/release-notes.html#5703", refsource: "CONFIRM", url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5703", }, { name: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/", refsource: "MISC", url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-3905", datePublished: "2019-01-03T18:00:00", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-08-04T19:26:26.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37416
Vulnerability from cvelistv5
Published
2021-08-30 18:18
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.stmcyber.com/vulns/cve-2021-37416/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:16:03.968Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37416/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-30T18:18:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37416/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-37416", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.stmcyber.com/vulns/cve-2021-37416/", refsource: "MISC", url: "https://blog.stmcyber.com/vulns/cve-2021-37416/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-37416", datePublished: "2021-08-30T18:18:14", dateReserved: "2021-07-23T00:00:00", dateUpdated: "2024-08-04T01:16:03.968Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-5105
Vulnerability from cvelistv5
Published
2012-08-23 20:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jameswebb.me/vulns/vrpth-2011-001.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/520562/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71395 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/50717 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:23:40.108Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://jameswebb.me/vulns/vrpth-2011-001.txt", }, { name: "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/520562/100/0/threaded", }, { name: "manageengine-adselfservice-xss(71395)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395", }, { name: "50717", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/50717", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-11-17T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://jameswebb.me/vulns/vrpth-2011-001.txt", }, { name: "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/520562/100/0/threaded", }, { name: "manageengine-adselfservice-xss(71395)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395", }, { name: "50717", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/50717", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-5105", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://jameswebb.me/vulns/vrpth-2011-001.txt", refsource: "MISC", url: "http://jameswebb.me/vulns/vrpth-2011-001.txt", }, { name: "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/520562/100/0/threaded", }, { name: "manageengine-adselfservice-xss(71395)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395", }, { name: "50717", refsource: "BID", url: "http://www.securityfocus.com/bid/50717", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-5105", datePublished: "2012-08-23T20:00:00", dateReserved: "2012-08-23T00:00:00", dateUpdated: "2024-08-07T00:23:40.108Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28958
Vulnerability from cvelistv5
Published
2021-06-25 11:54
Modified
2024-08-03 21:55
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/self-service-password/release-notes.html#6102 | x_refsource_MISC | |
| https://blog.stmcyber.com/vulns/cve-2021-28958/ | x_refsource_MISC | |
| https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:55:12.288Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#6102", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.stmcyber.com/vulns/cve-2021-28958/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-30T18:43:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com", }, { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#6102", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.stmcyber.com/vulns/cve-2021-28958/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-28958", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com", refsource: "MISC", url: "https://www.manageengine.com", }, { name: "https://www.manageengine.com/products/self-service-password/release-notes.html#6102", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/release-notes.html#6102", }, { name: "https://blog.stmcyber.com/vulns/cve-2021-28958/", refsource: "MISC", url: "https://blog.stmcyber.com/vulns/cve-2021-28958/", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021", refsource: "CONFIRM", url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-28958", datePublished: "2021-06-25T11:54:17", dateReserved: "2021-03-21T00:00:00", dateUpdated: "2024-08-03T21:55:12.288Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12876
Vulnerability from cvelistv5
Published
2019-07-17 19:46
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/109298 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:32:55.503Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/", }, { name: "109298", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/109298", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-19T12:06:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/", }, { name: "109298", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/109298", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12876", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/", refsource: "MISC", url: "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/", }, { name: "109298", refsource: "BID", url: "http://www.securityfocus.com/bid/109298", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12876", datePublished: "2019-07-17T19:46:17", dateReserved: "2019-06-18T00:00:00", dateUpdated: "2024-08-04T23:32:55.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27214
Vulnerability from cvelistv5
Published
2021-02-19 18:39
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:40:47.379Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-19T18:39:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27214", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/release-notes.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { name: "https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214", refsource: "MISC", url: "https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27214", datePublished: "2021-02-19T18:39:28", dateReserved: "2021-02-14T00:00:00", dateUpdated: "2024-08-03T20:40:47.379Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-8346
Vulnerability from cvelistv5
Published
2019-05-24 16:48
Modified
2024-08-04 21:17
Severity ?
EPSS score ?
Summary
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/self-service-password/release-notes.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:17:30.689Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-24T16:48:36", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-8346", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/release-notes.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-8346", datePublished: "2019-05-24T16:48:36", dateReserved: "2019-02-15T00:00:00", dateUpdated: "2024-08-04T21:17:30.689Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-7162
Vulnerability from cvelistv5
Published
2019-12-31 14:10
Modified
2024-08-04 20:38
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:38:33.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-18T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-31T14:10:58", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-7162", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/", refsource: "MISC", url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-7162", datePublished: "2019-12-31T14:10:58", dateReserved: "2019-01-29T00:00:00", dateUpdated: "2024-08-04T20:38:33.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18781
Vulnerability from cvelistv5
Published
2019-12-18 21:02
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/self-service-password/release-notes.html | x_refsource_MISC | |
| https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:02:38.295Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-18T21:02:47", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18781", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/release-notes.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { name: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release", refsource: "CONFIRM", url: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18781", datePublished: "2019-12-18T21:02:47", dateReserved: "2019-11-06T00:00:00", dateUpdated: "2024-08-05T02:02:38.295Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0252
Vulnerability from cvelistv5
Published
2024-01-11 07:57
Modified
2024-08-01 17:41
Severity ?
EPSS score ?
Summary
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADSelfService Plus |
Version: 0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T17:41:16.095Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://www.manageengine.com/products/download.html", defaultStatus: "affected", platforms: [ "Windows", ], product: "ADSelfService Plus", vendor: "ManageEngine", versions: [ { lessThan: "6402", status: "affected", version: "0", versionType: "6401", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load <span style=\"background-color: rgb(255, 255, 255);\">balancer</span> component. Authentication is required in order to exploit this vulnerability.", }, ], value: "ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.", }, ], impacts: [ { capecId: "CAPEC-242", descriptions: [ { lang: "en", value: "CAPEC-242 Code Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-07T08:23:43.403Z", orgId: "0fc0942c-577d-436f-ae8e-945763c79b02", shortName: "ManageEngine", }, references: [ { url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html", }, ], source: { discovery: "EXTERNAL", }, title: "Remote code execution", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "0fc0942c-577d-436f-ae8e-945763c79b02", assignerShortName: "ManageEngine", cveId: "CVE-2024-0252", datePublished: "2024-01-11T07:57:12.987Z", dateReserved: "2024-01-05T17:59:42.780Z", dateUpdated: "2024-08-01T17:41:16.095Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20664
Vulnerability from cvelistv5
Published
2019-01-03 18:00
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/self-service-password/release-notes.html#5701 | x_refsource_CONFIRM | |
| https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:17.719Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5701", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-03T00:00:00", descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-29T18:57:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5701", }, { tags: [ "x_refsource_MISC", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20664", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/release-notes.html#5701", refsource: "CONFIRM", url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5701", }, { name: "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/", refsource: "MISC", url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20664", datePublished: "2019-01-03T18:00:00", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-08-05T12:05:17.719Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20484
Vulnerability from cvelistv5
Published
2018-12-26 18:00
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:16.887Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-12-26T00:00:00", descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-10T17:06:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20484", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/self-service-password/release-notes.html", refsource: "MISC", url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { name: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20484", datePublished: "2018-12-26T18:00:00", dateReserved: "2018-12-26T00:00:00", dateUpdated: "2024-08-05T12:05:16.887Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37422
Vulnerability from cvelistv5
Published
2021-09-10 15:06
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:16:03.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-10T15:06:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-37422", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-37422", datePublished: "2021-09-10T15:06:01", dateReserved: "2021-07-23T00:00:00", dateUpdated: "2024-08-04T01:16:03.986Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-24786
Vulnerability from cvelistv5
Published
2020-08-31 14:02
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:19:09.368Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/data-security/release-notes.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/eventlog/features-new.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-31T14:02:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/data-security/release-notes.html", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020", }, { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/eventlog/features-new.html", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-24786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/data-security/release-notes.html", refsource: "MISC", url: "https://www.manageengine.com/data-security/release-notes.html", }, { name: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability", }, { name: "https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5", refsource: "MISC", url: "https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements", }, { name: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020", }, { name: "https://www.manageengine.com/products/eventlog/features-new.html", refsource: "MISC", url: "https://www.manageengine.com/products/eventlog/features-new.html", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-24786", datePublished: "2020-08-31T14:02:05", dateReserved: "2020-08-28T00:00:00", dateUpdated: "2024-08-04T15:19:09.368Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37421
Vulnerability from cvelistv5
Published
2021-08-30 18:30
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:16:03.792Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37421/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-10T14:50:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37421/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-37421", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, { name: "https://blog.stmcyber.com/vulns/cve-2021-37421/", refsource: "MISC", url: "https://blog.stmcyber.com/vulns/cve-2021-37421/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-37421", datePublished: "2021-08-30T18:30:22", dateReserved: "2021-07-23T00:00:00", dateUpdated: "2024-08-04T01:16:03.792Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-3274
Vulnerability from cvelistv5
Published
2011-02-17 17:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43241 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/70872 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2011/0392 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/516396/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/8089 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65349 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/70871 | vdb-entry, x_refsource_OSVDB | |
| http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities | x_refsource_MISC | |
| http://www.securityfocus.com/bid/46331 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:03:18.637Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "43241", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/43241", }, { name: "70872", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/70872", }, { name: "ADV-2011-0392", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { name: "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { name: "8089", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/8089", }, { name: "adselfservice-employeesearch-xss(65349)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349", }, { name: "70871", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/70871", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { name: "46331", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/46331", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-02-10T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-10T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "43241", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/43241", }, { name: "70872", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/70872", }, { name: "ADV-2011-0392", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { name: "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { name: "8089", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/8089", }, { name: "adselfservice-employeesearch-xss(65349)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349", }, { name: "70871", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/70871", }, { tags: [ "x_refsource_MISC", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { name: "46331", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/46331", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-3274", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "43241", refsource: "SECUNIA", url: "http://secunia.com/advisories/43241", }, { name: "70872", refsource: "OSVDB", url: "http://www.osvdb.org/70872", }, { name: "ADV-2011-0392", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2011/0392", }, { name: "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { name: "8089", refsource: "SREASON", url: "http://securityreason.com/securityalert/8089", }, { name: "adselfservice-employeesearch-xss(65349)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349", }, { name: "70871", refsource: "OSVDB", url: "http://www.osvdb.org/70871", }, { name: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", refsource: "MISC", url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { name: "46331", refsource: "BID", url: "http://www.securityfocus.com/bid/46331", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-3274", datePublished: "2011-02-17T17:00:00", dateReserved: "2010-09-09T00:00:00", dateUpdated: "2024-08-07T03:03:18.637Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11552
Vulnerability from cvelistv5
Published
2020-08-11 15:43
Modified
2024-08-04 11:35
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as a SYSTEM.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2020/Aug/4 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html | x_refsource_MISC | |
| https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/48739 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2020/Aug/6 | mailing-list, x_refsource_FULLDISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:35:13.226Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Aug/4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.exploit-db.com/exploits/48739", }, { name: "20200811 Re: [FD] ManageEngine ADSelfService Plus - Unauthenticated Remote Code Execution Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Aug/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \\windows\\system32, cmd.exe can be launched as a SYSTEM.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-11T21:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com", }, { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/fulldisclosure/2020/Aug/4", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support", }, { tags: [ "x_refsource_MISC", ], url: "https://www.exploit-db.com/exploits/48739", }, { name: "20200811 Re: [FD] ManageEngine ADSelfService Plus - Unauthenticated Remote Code Execution Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Aug/6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11552", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \\windows\\system32, cmd.exe can be launched as a SYSTEM.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com", refsource: "MISC", url: "https://www.manageengine.com", }, { name: "http://seclists.org/fulldisclosure/2020/Aug/4", refsource: "MISC", url: "http://seclists.org/fulldisclosure/2020/Aug/4", }, { name: "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support", refsource: "CONFIRM", url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support", }, { name: "https://www.exploit-db.com/exploits/48739", refsource: "MISC", url: "https://www.exploit-db.com/exploits/48739", }, { name: "20200811 Re: [FD] ManageEngine ADSelfService Plus - Unauthenticated Remote Code Execution Vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Aug/6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-11552", datePublished: "2020-08-11T15:43:14", dateReserved: "2020-04-05T00:00:00", dateUpdated: "2024-08-04T11:35:13.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27310
Vulnerability from cvelistv5
Published
2024-05-27 17:26
Modified
2024-10-07 19:44
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADSelfService Plus |
Version: 0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "manageengine_adselfservice_plus", vendor: "zohocorp", versions: [ { lessThanOrEqual: "builds_6400", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-27310", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-31T16:52:11.510173Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-13T14:02:04.570Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:27:59.865Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ADSelfService Plus", vendor: "ManageEngine", versions: [ { lessThan: "6401", status: "affected", version: "0", versionType: "14730", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.", }, ], value: "Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-90", description: "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-07T19:44:05.359Z", orgId: "0fc0942c-577d-436f-ae8e-945763c79b02", shortName: "ManageEngine", }, references: [ { url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html", }, ], source: { discovery: "UNKNOWN", }, title: "DOS Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "0fc0942c-577d-436f-ae8e-945763c79b02", assignerShortName: "ManageEngine", cveId: "CVE-2024-27310", datePublished: "2024-05-27T17:26:14.229Z", dateReserved: "2024-02-23T06:13:18.186Z", dateUpdated: "2024-10-07T19:44:05.359Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3779
Vulnerability from cvelistv5
Published
2015-01-07 18:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99612 | vdb-entry, x_refsource_XF | |
| http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:57:16.728Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "adselfserviceplus-cve20143779-xss(99612)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-01-03T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "adselfserviceplus-cve20143779-xss(99612)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-3779", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "adselfserviceplus-cve20143779-xss(99612)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612", }, { name: "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-3779", datePublished: "2015-01-07T18:00:00", dateReserved: "2014-05-19T00:00:00", dateUpdated: "2024-08-06T10:57:16.728Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47966
Vulnerability from cvelistv5
Published
2023-01-18 00:00
Modified
2024-09-13 17:58
Severity ?
EPSS score ?
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.652Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "https://blog.viettelcybersecurity.com/saml-show-stopper/", }, { tags: [ "x_transferred", ], url: "https://github.com/horizon3ai/CVE-2022-47966", }, { tags: [ "x_transferred", ], url: "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/", }, { tags: [ "x_transferred", ], url: "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a", }, { tags: [ "x_transferred", ], url: "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-47966", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-12-22T05:00:59.744032Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-01-23", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-47966", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-13T17:58:23.660Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T19:33:35.401552", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6", }, { url: "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html", }, { url: "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html", }, { url: "https://blog.viettelcybersecurity.com/saml-show-stopper/", }, { url: "https://github.com/horizon3ai/CVE-2022-47966", }, { url: "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/", }, { url: "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a", }, { url: "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-47966", datePublished: "2023-01-18T00:00:00", dateReserved: "2022-12-26T00:00:00", dateUpdated: "2024-09-13T17:58:23.660Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31874
Vulnerability from cvelistv5
Published
2021-07-02 17:13
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:30.607Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.stmcyber.com/vulns/cve-2021-31874/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-01T23:13:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.stmcyber.com/vulns/cve-2021-31874/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-31874", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, { name: "https://blog.stmcyber.com/vulns/cve-2021-31874/", refsource: "MISC", url: "https://blog.stmcyber.com/vulns/cve-2021-31874/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-31874", datePublished: "2021-07-02T17:13:22", dateReserved: "2021-04-29T00:00:00", dateUpdated: "2024-08-03T23:10:30.607Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2019-12-31 15:15
Modified
2024-11-21 04:47
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*", matchCriteriaId: "41EB109A-9CF3-498C-93B2-07A31D3CB09A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.", }, { lang: "es", value: "Se descubrió un problema en Zoho ManageEngine ADSelfService Plus versión 5.6 Build 5607. Un servicio expuesto permite que una persona no autenticada recupere información interna del sistema y modifique la instalación del producto.", }, ], id: "CVE-2019-7162", lastModified: "2024-11-21T04:47:41.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-31T15:15:11.317", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-20 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6104, permite un ataque de tipo XSS almacenado en la página de búsqueda de usuarios /webclient/index.html#/directory-search por medio del campo e-mail address", }, ], id: "CVE-2021-27956", lastModified: "2024-11-21T05:58:54.973", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-20T18:15:07.600", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://raxis.com/blog/cve-2021-27956-manage-engine-xss", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://raxis.com/blog/cve-2021-27956-manage-engine-xss", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-20 03:15
Modified
2024-11-21 06:58
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6121:*:*:*:*:*:*", matchCriteriaId: "1DD9B2CF-8EBE-454D-8A81-873C0A8ACAA9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus antes de la versión 6202 permite a los atacantes realizar una enumeración de nombres de usuario a través de una solicitud POST elaborada a /ServletAPI/accounts/login", }, ], id: "CVE-2022-28987", lastModified: "2024-11-21T06:58:17.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-20T03:15:07.203", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py", }, { source: "cve@mitre.org", url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-24 17:29
Modified
2024-11-21 04:49
Severity ?
Summary
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*", matchCriteriaId: "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*", matchCriteriaId: "DAD07524-564F-4559-9F6D-EB8961380A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*", matchCriteriaId: "76480E2A-FD99-4902-99D3-847136451618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*", matchCriteriaId: "D117C2AE-B396-46AD-9421-23750F9D6CDE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*", matchCriteriaId: "6B9F5FCF-BECA-424C-86C8-4769797AEB3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*", matchCriteriaId: "6A014DF4-0353-4117-927B-C7950D92EEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*", matchCriteriaId: "EC6163AF-1A41-4372-8D9B-985BB338B9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*", matchCriteriaId: "2387D138-C8F5-4DC1-A51E-629F9D96F4ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*", matchCriteriaId: "0504B6B8-AFA0-418E-AA86-057F4FD01466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*", matchCriteriaId: "78CA1BE6-6ACF-42B4-B603-9764A8B81555", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*", matchCriteriaId: "69866794-C599-49F7-8071-789DA3308AF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*", matchCriteriaId: "850DCAC9-D98E-40C1-A748-88E257F09388", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "4523A4D2-1E40-4A14-81D7-820A2C81C90F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*", matchCriteriaId: "F4C03D7C-0EEC-4C66-8705-F69909483048", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*", matchCriteriaId: "9431C11F-E153-4298-8A1B-2CDF677A1428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*", matchCriteriaId: "557B4FD6-B1BD-47B4-87B8-7096B99695B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*", matchCriteriaId: "BE2EF829-DA42-4C87-AB14-B03BD0AFB177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*", matchCriteriaId: "C74D8FDF-04B3-4B03-9110-27683E2329FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*", matchCriteriaId: "5C376A34-DC80-4080-9B53-37D954B6F00F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*", matchCriteriaId: "4613CD78-8A7D-4382-9975-1BE698E6C2CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*", matchCriteriaId: "9F32937B-9B1D-495F-812A-BEBAF3C67540", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*", matchCriteriaId: "5683B22F-54D1-4C53-8378-3500ADB4AD2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "08147E4E-6064-44D6-AF7C-1EB584A7CD60", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*", matchCriteriaId: "E0B110D0-A1BF-486B-A5C4-5927877C1258", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*", matchCriteriaId: "1C52392E-72C9-4F74-AECE-B20C0259E37D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*", matchCriteriaId: "38A4BE4A-B607-483E-AE79-8FF17BEF60B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*", matchCriteriaId: "3B2ABFA6-4506-42F8-B458-9EB83C8312DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*", matchCriteriaId: "B19B98B7-85D3-4D44-9853-1CD69586BF30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*", matchCriteriaId: "2EFDF89F-54BE-4D72-B95D-12127D8B35A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*", matchCriteriaId: "E4DD32D9-A0CA-4434-A8CF-121942FDF152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*", matchCriteriaId: "F86FFDB3-B19E-438E-8E5C-6D4994A29B61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*", matchCriteriaId: "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*", matchCriteriaId: "4921142A-2D9F-40BE-9640-44037667FB32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*", matchCriteriaId: "0909BEDE-D384-4719-87C7-4748E70669D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*", matchCriteriaId: "43969BCD-92A9-4181-9BE7-9A370FF0EA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*", matchCriteriaId: "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*", matchCriteriaId: "190837F9-E545-4576-8660-76837BFBA127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*", matchCriteriaId: "6C379810-C027-4443-BA2F-C72A0AFE9074", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*", matchCriteriaId: "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*", matchCriteriaId: "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*", matchCriteriaId: "6191E179-7D42-4D9A-AF78-B87DBC198B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*", matchCriteriaId: "01FC1A37-2AB7-4212-A93A-58021592FF67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*", matchCriteriaId: "96287289-2736-4197-B325-9D58EFDD6A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*", matchCriteriaId: "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*", matchCriteriaId: "E2437FCD-F77F-4103-914C-20C54C3E088A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*", matchCriteriaId: "45F52278-27B0-431E-8FF0-E3A5F68D513D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*", matchCriteriaId: "E231C429-0C6D-4DA6-8D89-DB888493F741", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*", matchCriteriaId: "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*", matchCriteriaId: "999D1D05-D8D7-445E-AAF7-B14769001928", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*", matchCriteriaId: "CC29D099-13A7-48F5-8A8A-6A564B972D98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*", matchCriteriaId: "AFAACD50-F964-48EB-8C71-856501FA5BF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*", matchCriteriaId: "E52DD6D8-DCB5-470E-9F77-653552A5436B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*", matchCriteriaId: "1E41D887-5E33-4D94-9C9C-7385D7D777E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*", matchCriteriaId: "352966E5-E938-4FA4-A41B-2D95C0E233ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*", matchCriteriaId: "2C234A10-9D5A-4C47-92F1-82DA80F5B310", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*", matchCriteriaId: "8E1516F7-D152-4D9C-92D3-4BD68D77475A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*", matchCriteriaId: "BDDFB075-FA1B-47B9-B2EC-80228C20F042", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*", matchCriteriaId: "9A55F076-4CED-4BFC-B87D-A2AE950F78CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*", matchCriteriaId: "50ACF821-D09A-40B9-95A6-BC8DED3460D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*", matchCriteriaId: "E0949C30-651A-4646-B215-38AE86F719F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*", matchCriteriaId: "2DA8E108-49A7-4281-A938-ED1C1E4890B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*", matchCriteriaId: "3B631D21-372B-4B68-B467-F1A5616C5325", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*", matchCriteriaId: "26BC3F05-FC81-45E4-9D23-864C9B9FF47F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*", matchCriteriaId: "1BBF87A7-2A53-418D-BB27-D55B10564894", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*", matchCriteriaId: "9343B338-953B-4E7D-9CD2-00781FFE3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*", matchCriteriaId: "9966E015-590E-4CAD-AEE9-F06E1B34A789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*", matchCriteriaId: "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*", matchCriteriaId: "04BB508C-91EA-43A3-B4AC-A7591801F387", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "2B71FA9F-0FC4-4D12-B595-AC529878BC7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "0979E79B-936C-4787-8E0A-9F7F43A8A748", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "673E69A8-71BA-49EC-B1AE-931736C6BF42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "141FB02E-695F-484E-8FF6-C334C11F7CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*", matchCriteriaId: "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*", matchCriteriaId: "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*", matchCriteriaId: "942DC320-20A3-4CBF-BF94-390A9163FC02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*", matchCriteriaId: "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*", matchCriteriaId: "600E4C41-B1E1-468D-BA1A-489D0CE5F565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*", matchCriteriaId: "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*", matchCriteriaId: "E41D8FA9-5D9D-4102-B117-40354F847403", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*", matchCriteriaId: "8E620B19-0286-4723-91C4-848B6C453509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*", matchCriteriaId: "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*", matchCriteriaId: "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*", matchCriteriaId: "E7A0FC78-73CE-48CE-BD68-74C095F5B052", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*", matchCriteriaId: "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*", matchCriteriaId: "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*", matchCriteriaId: "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*", matchCriteriaId: "BF029B3F-93BE-44D3-B8E8-65F18A4F6632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*", matchCriteriaId: "C054330B-8344-437B-893F-AD844BCA3CE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*", matchCriteriaId: "CA7A820D-17C3-4F20-B4C4-9068F9594786", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*", matchCriteriaId: "DEA0897C-62CE-401A-B940-4CA47A0BDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*", matchCriteriaId: "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*", matchCriteriaId: "269B1711-8110-4177-8CF2-AD9F1D9E20AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*", matchCriteriaId: "39DFD696-3A7F-4003-9F87-458891B787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*", matchCriteriaId: "C15E39AA-79CE-48A7-9629-AC75EC444B6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*", matchCriteriaId: "2592E246-7208-4CC5-8004-D2AEAB45380C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*", matchCriteriaId: "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*", matchCriteriaId: "41EB109A-9CF3-498C-93B2-07A31D3CB09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "59408AE1-F8C3-48A7-BF31-ABB4173E42D7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.", }, { lang: "es", value: "En Zoho ManageEngine ADSelfService Plus versión 5.x hasta 5704, una vulnerabilidad de tipo cross-site Scripting (XSS) en el archivo authorization.do permite una manipulación no autenticada del código JavaScript inyectando el formulario HTTP en el parametro adscsrf. Un atacante puede utilizar esto para capturar el restablecimiento de la contraseña de autoservicio AD de un usuario y el token MFA.", }, ], id: "CVE-2019-8346", lastModified: "2024-11-21T04:49:43.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-24T17:29:06.507", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-25 03:29
Modified
2024-11-21 04:21
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:4500:*:*:*:*:*:*", matchCriteriaId: "796A4512-DC6E-42A1-9A57-D4F446A9BC34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5032:*:*:*:*:*:*", matchCriteriaId: "4C202C90-B792-4E0C-B7A9-C06FDB7C30DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5040:*:*:*:*:*:*", matchCriteriaId: "42F19FC5-6C75-458A-9B90-376D0D1B0C59", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5041:*:*:*:*:*:*", matchCriteriaId: "6DC23258-D431-40C0-9853-E08D36A225FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5100:*:*:*:*:*:*", matchCriteriaId: "D8AF9E70-E4F7-4BB1-9D49-33633AB9CE82", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5101:*:*:*:*:*:*", matchCriteriaId: "D1174A0E-EFA2-4FAA-B42A-A0D4FAAD592D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5102:*:*:*:*:*:*", matchCriteriaId: "A99912DA-82E6-4FD6-8916-635637941335", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5103:*:*:*:*:*:*", matchCriteriaId: "FC5FA48C-6B99-4B80-9256-694BD4174557", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5104:*:*:*:*:*:*", matchCriteriaId: "6D860882-A106-4771-87DF-9ADE482F41DD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5105:*:*:*:*:*:*", matchCriteriaId: "0DD127BF-200A-45F5-9357-5024C76E7B12", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5106:*:*:*:*:*:*", matchCriteriaId: "8D2143C4-D4A0-4AE5-86D2-D3DEFD27C9E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5107:*:*:*:*:*:*", matchCriteriaId: "1745145D-493D-4181-B011-46490BBF5A7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5108:*:*:*:*:*:*", matchCriteriaId: "8A9605CA-8368-47D1-964A-684E099212D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5109:*:*:*:*:*:*", matchCriteriaId: "109303F0-F6C6-4BC7-9011-BAAD6B1D043E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5110:*:*:*:*:*:*", matchCriteriaId: "39BC2BEF-89B7-48F0-BAFC-26B1DE0E7EB4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5111:*:*:*:*:*:*", matchCriteriaId: "BA12CCBE-5C43-4FF8-A9A5-63B91AA14C2F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5112:*:*:*:*:*:*", matchCriteriaId: "270B44CA-F153-4EF8-8E0B-276E80C8ADB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5113:*:*:*:*:*:*", matchCriteriaId: "6EC9A6C6-3D3E-411F-89EF-CAFCF66D8222", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5114:*:*:*:*:*:*", matchCriteriaId: "CD55F212-950A-4421-9C73-80287647719F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5115:*:*:*:*:*:*", matchCriteriaId: "61E19A98-DF1A-44B0-AB69-6822F9110FE7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5116:*:*:*:*:*:*", matchCriteriaId: "7AA56B14-E4B5-4373-81F3-ECFD30DC897B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5200:*:*:*:*:*:*", matchCriteriaId: "77F2C9F3-67ED-4337-9EC8-A164ADCBFB5B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5201:*:*:*:*:*:*", matchCriteriaId: "DE73451C-7289-4832-84A7-1A9D8CFE5EF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5202:*:*:*:*:*:*", matchCriteriaId: "74AB64C4-625A-4369-8F16-3145B85A5DB5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5203:*:*:*:*:*:*", matchCriteriaId: "5C8E8A1A-AA00-48AC-BB5F-59DA174A4F71", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5204:*:*:*:*:*:*", matchCriteriaId: "797C805C-68D4-4B5A-8AD8-C2036692C616", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5205:*:*:*:*:*:*", matchCriteriaId: "50D245E8-5719-41B6-95C0-A2CACE88676D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5206:*:*:*:*:*:*", matchCriteriaId: "809A4666-41E7-48B8-A9FA-A24A71EC5A1A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5207:*:*:*:*:*:*", matchCriteriaId: "6BEADFCD-8A32-4D59-908A-37E9E3A52E49", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5300:*:*:*:*:*:*", matchCriteriaId: "28409900-B268-437E-B474-1CDF7C654161", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5301:*:*:*:*:*:*", matchCriteriaId: "E4A44B27-87F1-47F2-8596-663C63F4C1DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5302:*:*:*:*:*:*", matchCriteriaId: "7ACD689D-709B-471F-9C86-66E22E91DBCA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5303:*:*:*:*:*:*", matchCriteriaId: "749731D7-2431-4DBC-9E76-4BFB8F8C57C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5304:*:*:*:*:*:*", matchCriteriaId: "5B0B3278-EE00-40F5-8372-9AFA6F44B765", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5305:*:*:*:*:*:*", matchCriteriaId: "916DEBE1-C3AB-415B-9463-1A4253F609C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5306:*:*:*:*:*:*", matchCriteriaId: "5CFBBCCD-7625-4C73-AFCA-924DFAC48BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5307:*:*:*:*:*:*", matchCriteriaId: "FA24BDA1-675D-45E2-A0F8-041CC6DF1D39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5308:*:*:*:*:*:*", matchCriteriaId: "CE4EA03B-33D0-4057-A80C-4AF69D22FF38", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5309:*:*:*:*:*:*", matchCriteriaId: "0BA96538-C2F8-42C2-AF49-55B7D216B17B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5310:*:*:*:*:*:*", matchCriteriaId: "D9227C12-AFD7-4481-8495-998F9AB4E668", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5311:*:*:*:*:*:*", matchCriteriaId: "17755902-5421-45C1-8952-70771E8C79A7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5312:*:*:*:*:*:*", matchCriteriaId: "CA16BF41-2F02-422A-A92F-40EA8BF7A75F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5313:*:*:*:*:*:*", matchCriteriaId: "54C11E83-F0BA-4C47-875E-7CFEC447728E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5314:*:*:*:*:*:*", matchCriteriaId: "DDF73A07-905D-4F26-848B-84C3A9F1630C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5315:*:*:*:*:*:*", matchCriteriaId: "5EE92704-67CE-4D3A-97D1-BEAB1CFFC70C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5316:*:*:*:*:*:*", matchCriteriaId: "ABFB14B0-F81C-4C7A-B1EF-EF8C4D779576", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5317:*:*:*:*:*:*", matchCriteriaId: "219F3924-899B-4D14-90FF-E1F8B8A6B5F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5318:*:*:*:*:*:*", matchCriteriaId: "4C222551-E231-43E3-98BD-773FDB68D589", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5319:*:*:*:*:*:*", matchCriteriaId: "DAD582DE-6811-4D78-899C-933D1D409EF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5320:*:*:*:*:*:*", matchCriteriaId: "7D7BF363-19F5-4655-9A8C-AFF535AF0558", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5321:*:*:*:*:*:*", matchCriteriaId: "962CABE0-C8AF-4C2F-81D7-12D232C390F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5322:*:*:*:*:*:*", matchCriteriaId: "613D8FD3-7086-4E59-A012-884A094BAD6D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5323:*:*:*:*:*:*", matchCriteriaId: "7D14A1B5-95A8-4F62-B06A-8BA4641CC35E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5324:*:*:*:*:*:*", matchCriteriaId: "F3C27B95-B5AB-4BBD-9701-85560CC020CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5325:*:*:*:*:*:*", matchCriteriaId: "7B46B8A8-2C90-44C8-A5C9-186593D0A556", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5326:*:*:*:*:*:*", matchCriteriaId: "2CA0E58E-2535-422A-AF35-3EF017792570", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5327:*:*:*:*:*:*", matchCriteriaId: "8CC89F07-DD8C-4DD9-BE80-D9DA689A4D19", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5328:*:*:*:*:*:*", matchCriteriaId: "AD53F8D8-34A0-46F0-9AC9-EF088B4C9AB5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5329:*:*:*:*:*:*", matchCriteriaId: "A9B6BA8A-8709-4E8E-A42E-85B0E99818E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5330:*:*:*:*:*:*", matchCriteriaId: "B0F00049-CA99-4A6B-B347-78768BF19DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5400:*:*:*:*:*:*", matchCriteriaId: "30A10B00-E8DD-445D-AFC3-DC7DAF42724F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5500:*:*:*:*:*:*", matchCriteriaId: "CBEEB6C7-764D-4012-9656-FC76F43A53EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5501:*:*:*:*:*:*", matchCriteriaId: "86F5057B-4DFA-43A0-B604-9CACEEE926E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5502:*:*:*:*:*:*", matchCriteriaId: "5EF382C0-392B-4DA9-AFA2-3CD933615E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5503:*:*:*:*:*:*", matchCriteriaId: "78019D71-4598-4095-AAF4-13DCD93F842F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5504:*:*:*:*:*:*", matchCriteriaId: "3C6F69D0-1595-42E9-B812-63C133965E16", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5505:*:*:*:*:*:*", matchCriteriaId: "30D743E2-FE10-43BB-9514-4581F33F2C34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5506:*:*:*:*:*:*", matchCriteriaId: "D4639A68-BAA3-4669-B2F1-AD381A25464D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5507:*:*:*:*:*:*", matchCriteriaId: "DF69BD50-A3B7-4C9C-83ED-088EBB977F0A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5508:*:*:*:*:*:*", matchCriteriaId: "0313F401-85DC-4DF0-AEAD-A8D6885902CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5509:*:*:*:*:*:*", matchCriteriaId: "924F6A44-0E30-46A9-990E-DA44AA61C012", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5510:*:*:*:*:*:*", matchCriteriaId: "C514F02D-DB00-4B05-A53C-A13310FE9E4A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5511:*:*:*:*:*:*", matchCriteriaId: "D013876C-9433-4576-84B5-464649CC8199", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5512:*:*:*:*:*:*", matchCriteriaId: "8DFA286F-0C4E-4C56-8FFB-15481594FE42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5513:*:*:*:*:*:*", matchCriteriaId: "D86056BB-3CF4-4C8A-B685-1E88E25429F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5514:*:*:*:*:*:*", matchCriteriaId: "BDE0C598-57A7-4EEF-A98C-44B871955BC1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5515:*:*:*:*:*:*", matchCriteriaId: "C6F752FD-8B2C-4636-B7DD-343D2DEDE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5516:*:*:*:*:*:*", matchCriteriaId: "B435C1CA-2DD6-4DC7-B7B1-9B232EA5CFC3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5517:*:*:*:*:*:*", matchCriteriaId: "48A77EA0-C382-4A81-9EE3-48F7AC8AFEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5518:*:*:*:*:*:*", matchCriteriaId: "48907141-7B99-4D1A-955D-7E98B46E5A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5519:*:*:*:*:*:*", matchCriteriaId: "C894A206-F09A-4D6A-9675-618CD8FEFD08", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5520:*:*:*:*:*:*", matchCriteriaId: "52028275-3CFA-4AB0-8013-018FF88C11B0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5521:*:*:*:*:*:*", matchCriteriaId: "2864B47E-79C8-4FE4-97E5-3C85C926CA21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5600:*:*:*:*:*:*", matchCriteriaId: "627B72C4-8311-414D-AA55-EC5F71794F58", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5601:*:*:*:*:*:*", matchCriteriaId: "74839837-94FC-4A6F-8DE2-358A7AD28D28", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5602:*:*:*:*:*:*", matchCriteriaId: "66B9BB15-FA78-4C05-8670-610DD790FF75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5603:*:*:*:*:*:*", matchCriteriaId: "166217A8-C306-4C79-A33F-D45032F2D1E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5604:*:*:*:*:*:*", matchCriteriaId: "EFC0E47A-8807-441D-BEFA-1E9A71EDA7C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5605:*:*:*:*:*:*", matchCriteriaId: "06395B41-9538-42FF-8ADB-E750F5C5B2C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5606:*:*:*:*:*:*", matchCriteriaId: "0DF7379A-F56E-4A2D-8099-2C0E72B8ACA9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*", matchCriteriaId: "FE8675BC-B0AA-4067-B079-FCAE97519B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*", matchCriteriaId: "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "59408AE1-F8C3-48A7-BF31-ABB4173E42D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*", matchCriteriaId: "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*", matchCriteriaId: "82FD8A24-2D01-4D2A-ADDE-51EBCC189332", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*", matchCriteriaId: "3CDD178D-9CE8-4FC9-8388-BB89DC949924", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus, en versiones anteriores del build 5708, es vulnerable a un XSS a través de la API de aplicaciones móviles.", }, ], id: "CVE-2019-11511", lastModified: "2024-11-21T04:21:14.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-25T03:29:00.243", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5708", }, { source: "cve@mitre.org", url: "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5708", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-11 08:15
Modified
2024-11-21 08:46
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.4 | |
| zohocorp | manageengine_adselfservice_plus | 6.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "0B9A77AF-9D42-42A2-84F3-4307E46D917F", versionEndExcluding: "6.4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400:*:*:*:*:*:*", matchCriteriaId: "0FCE8818-79BB-41F7-9D2E-43FEE698B325", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6401:*:*:*:*:*:*", matchCriteriaId: "FC18D7BD-91CC-4019-B429-BBA4353E8984", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.", }, { lang: "es", value: "Las versiones 6401 e inferiores de ManageEngine ADSelfService Plus son vulnerables a la ejecución remota de código debido al manejo inadecuado en el componente del balanceador de carga.", }, ], id: "CVE-2024-0252", lastModified: "2024-11-21T08:46:09.167", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "0fc0942c-577d-436f-ae8e-945763c79b02", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-11T08:15:35.933", references: [ { source: "0fc0942c-577d-436f-ae8e-945763c79b02", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html", }, ], sourceIdentifier: "0fc0942c-577d-436f-ae8e-945763c79b02", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "0fc0942c-577d-436f-ae8e-945763c79b02", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-30 19:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-37417/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-37417/ | Release Notes, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones 6103 y anteriores, permiten omitir el CAPTCHA debido a una comprobación inapropiada de los parámetros.", }, ], id: "CVE-2021-37417", lastModified: "2024-11-21T06:15:07.203", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-30T19:15:09.177", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37417/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37417/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-18 18:15
Modified
2025-03-07 21:04
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
Impacted products
{ cisaActionDue: "2023-02-13", cisaExploitAdd: "2023-01-23", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDF15FF-2561-4139-AC5E-4812584B1B03", versionEndExcluding: "4.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*", matchCriteriaId: "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*", matchCriteriaId: "52DDE5D9-28DE-446F-A402-7BE3C33A4B35", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*", matchCriteriaId: "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*", matchCriteriaId: "59675CC4-8A5C-4668-908C-0886B4B310DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*", matchCriteriaId: "45084336-F1DC-4E5B-A45E-506A779985D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*", matchCriteriaId: "1B2CC071-5BB3-4A25-88F2-DBC56B94D895", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*", matchCriteriaId: "E6FDF373-4711-4B72-A14E-CEB19301C40F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*", matchCriteriaId: "0E0F346C-0445-4D38-8583-3379962B540F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*", matchCriteriaId: "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D", versionEndExcluding: "4.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*", matchCriteriaId: "1179FC2E-0FCC-4744-85A7-1D68AE742FEE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*", matchCriteriaId: "F05F8E9D-1880-4B94-922E-BA61FA112945", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*", matchCriteriaId: "F336B0C2-1F99-4BC7-828B-02E432CB0723", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*", matchCriteriaId: "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*", matchCriteriaId: "46A96B82-49E1-4392-BDCF-CC9753D67A4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*", matchCriteriaId: "837BF464-6D18-4267-8913-D7937C91789B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*", matchCriteriaId: "0243CA85-B856-4ED9-BCD0-5EAB182862CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*", matchCriteriaId: "FB216CD0-B3BD-434D-8FC6-BB60408C128A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "FFA4EA7A-B1C1-4750-A11D-89054B77B320", versionEndExcluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*", matchCriteriaId: "16BADE82-3652-4074-BDFF-828B7213CAF6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*", matchCriteriaId: "01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*", matchCriteriaId: "CFA4FC59-CC4F-4F21-9AE9-3F526C91411C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*", matchCriteriaId: "26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*", matchCriteriaId: "97EA9324-9377-46E1-A0EA-637128E65DED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*", matchCriteriaId: "EA5BE36E-A73A-4D1C-8185-9692373F1444", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*", matchCriteriaId: "10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*", matchCriteriaId: "F505C783-09DE-4045-9DB4-DD850B449A48", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*", matchCriteriaId: "212BF664-02DE-457F-91A6-6F824ECC963B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*", matchCriteriaId: "D102B74F-6762-4EFE-BAF7-A7D416867D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*", matchCriteriaId: "FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*", matchCriteriaId: "5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*", matchCriteriaId: "CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7055:*:*:*:*:*:*", matchCriteriaId: "5B2F6EE4-F3DC-43CE-B7FD-C9522A35406A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7060:*:*:*:*:*:*", matchCriteriaId: "623151CB-4C6B-4068-B173-FE8E73D652F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7062:*:*:*:*:*:*", matchCriteriaId: "1D84377E-CB44-4C6A-A665-763A1CD1AF34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7063:*:*:*:*:*:*", matchCriteriaId: "603D1875-BD5E-4C6C-9D2C-3CAA9D7B3AE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7065:*:*:*:*:*:*", matchCriteriaId: "4C568190-1C1B-44FA-B50A-C142A0B8224D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7080:*:*:*:*:*:*", matchCriteriaId: "F876B2E2-C2FF-47BE-9F53-5F86606A08CA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "B9D72627-17F9-427E-907B-56EA0A498131", versionEndExcluding: "7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*", matchCriteriaId: "736740CB-A328-4163-BAC4-6C881A24C8B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*", matchCriteriaId: "9B806083-7309-4215-AF81-DCC4D90B7876", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*", matchCriteriaId: "A741CDA8-D1A8-4F83-AE54-7D3D3C433825", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*", matchCriteriaId: "09563D6F-690B-4C7A-BA25-52D009724A74", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*", matchCriteriaId: "30FAC23B-831E-4904-AB3B-85A3C068CEB8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*", matchCriteriaId: "9347D3CF-B5D1-4ACE-83E1-73748EF15120", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*", matchCriteriaId: "322E0562-4586-4DF4-A935-C2447883495B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*", matchCriteriaId: "EB9151D6-BD21-4268-9371-FF702C1AD84B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*", matchCriteriaId: "B371E93E-7C85-42DD-AA7F-9B43D8D02963", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*", matchCriteriaId: "094EEFA4-BD16-4F79-8133-62F9E2C8C675", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*", matchCriteriaId: "DC5A6297-98E3-45C8-95FB-7F4E65D133BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*", matchCriteriaId: "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*", matchCriteriaId: "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*", matchCriteriaId: "7848B31C-AB51-486B-8655-7D7A060BAFFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*", matchCriteriaId: "1CFB5C4A-B717-4CC2-AE03-336C63D17B96", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*", matchCriteriaId: "456D49D7-F04D-4003-B429-8D5504959D04", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*", matchCriteriaId: "BB788440-904B-430E-BF5B-12ADA816477E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*", matchCriteriaId: "876CC4D6-9546-4D39-965A-EF5A4AF4AD93", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*", matchCriteriaId: "85432FE8-946F-448D-A92A-FF549EDC52F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*", matchCriteriaId: "813E1389-A949-427C-92C6-3974702FEA5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*", matchCriteriaId: "34A48841-EA09-4917-A6FF-DF645B581426", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*", matchCriteriaId: "1C042646-9D36-4712-9E5D-40E55FCF7C24", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*", matchCriteriaId: "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*", matchCriteriaId: "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*", matchCriteriaId: "7E53B3CB-4351-4E24-B80C-D62CC483D4D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*", matchCriteriaId: "0068E901-62D2-4C4D-96F8-7823B0DF7DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*", matchCriteriaId: "CF70BA56-3478-4DA5-B013-4D9B820D2219", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7BC9667B-3ECE-4DF8-9C45-95E53736CD68", versionEndExcluding: "6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*", matchCriteriaId: "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*", matchCriteriaId: "B1E4E7ED-317B-471D-B387-24BFE504FD48", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*", matchCriteriaId: "1518C214-71A7-4C97-BA40-95D98E0C78BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*", matchCriteriaId: "247ED04D-E067-4A18-8514-9CD635DF4F09", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*", matchCriteriaId: "8AC2C862-7709-44BF-9D0C-1BD63B381001", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*", matchCriteriaId: "1E936706-E1D6-496A-8395-96706AF32F19", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*", matchCriteriaId: "CA25E9BB-DDB9-438C-890A-61264C10BFF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*", matchCriteriaId: "D71FF123-F797-4E0D-8167-DD4563733879", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*", matchCriteriaId: "1156F671-D6BD-4FA2-924F-1802F157A025", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*", matchCriteriaId: "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*", matchCriteriaId: "E870D833-28A7-45E1-9A6B-26A33D66B507", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "2026DE5E-EDDA-4134-A63E-1F01A9ED209F", versionEndExcluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "DBEE7368-580D-422E-80DE-079462579BD4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "92C88B5F-3689-4314-B23E-D9051808C1D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5120:*:*:*:*:*:*", matchCriteriaId: "839EB997-896A-4CD9-BADF-1C2DC2B498F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5121:*:*:*:*:*:*", matchCriteriaId: "7A4DF40E-2941-4A38-9297-42502D7EE0C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5130:*:*:*:*:*:*", matchCriteriaId: "DD056927-1BC0-42A0-8E26-7FC0F4BE58AF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5140:*:*:*:*:*:*", matchCriteriaId: "99F6F9CC-5A94-4A74-8D36-BE198424C955", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DEEF51-0977-4061-9919-803DFD144E10", versionEndExcluding: "6.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", matchCriteriaId: "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", matchCriteriaId: "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", matchCriteriaId: "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", matchCriteriaId: "B293513C-9ECB-4512-B1B8-A470C6115458", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", matchCriteriaId: "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", matchCriteriaId: "9B708143-01B3-45D0-A769-E1D8E99237B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", matchCriteriaId: "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", matchCriteriaId: "4E528B83-1539-4516-9ACF-A05E853014DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", matchCriteriaId: "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", matchCriteriaId: "7FAF3DFA-78FB-417C-808A-507F66889913", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", matchCriteriaId: "E9506197-CDDA-451B-9FE3-72B3C3BA19EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", matchCriteriaId: "691DF8EC-6A7A-4449-8A4C-79F76726D685", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", matchCriteriaId: "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", matchCriteriaId: "E1BD2753-52B8-4EB0-8332-C67935FB8B47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", matchCriteriaId: "E8BD08BF-4E5D-4DE4-A499-B0296C126599", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", matchCriteriaId: "F13CB227-496C-4777-BE76-27AFF5ED15C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", matchCriteriaId: "2AB1DF8F-3385-40C6-92C5-10724F8A6911", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", matchCriteriaId: "C1997DE8-8CFA-4882-9107-741B88339A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", matchCriteriaId: "148F6458-136D-4612-9619-F51AEEC11AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", matchCriteriaId: "8B189696-D6BC-475B-90CA-AF122224FEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", matchCriteriaId: "477C97EC-A497-4C7C-973B-2C057A9242AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", matchCriteriaId: "284F5D9D-F23F-4936-B461-10701CC3AB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", matchCriteriaId: "74CE0145-F165-4FB4-A819-01B30641196A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", matchCriteriaId: "CA291C44-616B-45D9-9709-61CD33E8B135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", matchCriteriaId: "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", matchCriteriaId: "DCF1B243-DA58-42CD-9DF4-6D4A010796D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", matchCriteriaId: "2B73FD0F-6B48-406E-AB29-606CC07C81C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", matchCriteriaId: "CED2C49D-DB96-4495-BD6F-460871D94EDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", matchCriteriaId: "C9AAC638-1379-4F87-9BA3-07CE16CAB98A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", matchCriteriaId: "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", matchCriteriaId: "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "BB1E5798-5079-4292-9C11-2F334F8AC825", versionEndExcluding: "6.4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.4:6400:*:*:*:*:*:*", matchCriteriaId: "37D11E5C-C569-4D9F-BFF8-315F6D458D68", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*", matchCriteriaId: "1478BFC3-A0B2-415B-BA1C-AA09D9451C93", versionEndExcluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700:*:*:*:*:*:*", matchCriteriaId: "1E270FB5-C447-4C93-9947-2CE50850A46B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710:*:*:*:*:*:*", matchCriteriaId: "496AFB26-1E11-4632-8C10-CD80F601FCFE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5711:*:*:*:*:*:*", matchCriteriaId: "B2CE86DA-B688-4E9E-AF16-1974858D18BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5712:*:*:*:*:*:*", matchCriteriaId: "4BFA2F57-4506-4B3D-86E8-BE9BEC1134B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*", matchCriteriaId: "76C7DC97-8BF1-421F-9272-FD301D2D7A3F", versionEndExcluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:*:*:*:*:*:*", matchCriteriaId: "9BE65B96-74ED-48F1-B86D-CB3387D989CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101:*:*:*:*:*:*", matchCriteriaId: "B4127640-1F60-4687-A24A-22B05A125290", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110:*:*:*:*:*:*", matchCriteriaId: "E42928FB-E0E7-4951-B9B1-CEF60560A945", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120:*:*:*:*:*:*", matchCriteriaId: "43C059E6-E1CA-4792-B383-93062CD82D66", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121:*:*:*:*:*:*", matchCriteriaId: "8D21A9EB-51BC-4EEA-BAA4-8C2096A9DDD5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12122:*:*:*:*:*:*", matchCriteriaId: "6C34175B-0978-4207-BFC0-F38FDFF9B3D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12123:*:*:*:*:*:*", matchCriteriaId: "6CAB911E-5CE6-47BA-9909-C42BDFEE0F5E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "23A6549A-A30E-4693-9BAB-2685DB8C40BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*", matchCriteriaId: "71CED256-A0EF-4933-AE18-421E37D5DB16", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*", matchCriteriaId: "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*", matchCriteriaId: "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "969E1FCF-76A0-40BC-A38F-56FCB713419F", versionEndExcluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*", matchCriteriaId: "298E6401-A9A9-43B6-901F-327944E0AF94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", matchCriteriaId: "35366F60-D6E2-4B29-B593-D24079CE6831", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", matchCriteriaId: "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", matchCriteriaId: "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*", matchCriteriaId: "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*", matchCriteriaId: "7F529DB6-4D30-49F8-BFE2-C10C1A899917", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*", matchCriteriaId: "4EA25296-8163-4C98-A8CD-35834240308E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*", matchCriteriaId: "33D51403-A976-4EA3-AA23-C699E03239E2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*", matchCriteriaId: "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "B8F5E8E6-B1AA-4454-86D3-648B67CA915E", versionEndExcluding: "10.1.220.18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "98FAA4DE-2C24-4ED4-9F2C-84CEA3200E31", versionEndExcluding: "11.1.2238.6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "8239C2A0-BA6D-4B5C-B02F-617178685D52", versionEndExcluding: "10.1.2220.18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "4CA4E3A8-CAB3-461E-8A99-F7D115B17E71", versionEndExcluding: "10.1.2137.6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*", matchCriteriaId: "53EC71FA-E248-4DA5-BA76-746631AC435E", versionEndExcluding: "1.1.2243.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5784980D-CEBB-4982-BD1F-FD8F5F2A039C", versionEndExcluding: "10.1.2220.18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "06A9F459-2C86-4646-B87C-A55381E0939F", versionEndExcluding: "10.1.2228.11", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management_central:*:*:*:*:*:*:*:*", matchCriteriaId: "5D851B9A-EE8F-4634-A26D-BCC44B5CF02A", versionEndExcluding: "10.1.41", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "450E672F-FA36-4770-87B6-CC8DA66D2222", versionEndExcluding: "10.1.2220.18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).", }, { lang: "es", value: "Múltiples productos locales de Zoho ManageEngine, como ServiceDesk Plus hasta 14003, permiten la ejecución remota de código debido al uso de Apache Santuario xmlsec (también conocido como XML Security para Java) 1.4.1, porque las funciones xmlsec XSLT, por diseño en esa versión, hacen la aplicación responsable de ciertas protecciones de seguridad, y las aplicaciones ManageEngine no proporcionaban esas protecciones. Esto afecta a Access Manager Plus anterior a 4308, Active Directory 360 anterior a 4310, ADAudit Plus anterior a 7081, ADManager Plus anterior a 7162, ADSelfService Plus anterior a 6211, Analytics Plus anterior a 5150, Application Control Plus anterior a 10.1.2220.18, Asset Explorer anterior a 6983, Browser Security Plus antes de 11.1.2238.6, Device Control Plus antes de 10.1.2220.18, Endpoint Central antes de 10.1.2228.11, Endpoint Central MSP antes de 10.1.2228.11, Endpoint DLP antes de 10.1.2137.6, Key Manager Plus antes de 6401, OS Deployer antes de 1.1.2243.1, PAM 360 antes de 5713, Password Manager Pro antes de 12124, Patch Manager Plus antes de 10.1.2220.18, Remote Access Plus antes de 10.1.2228.11, Remote Monitoring and Management (RMM) antes de 10.1.41. ServiceDesk Plus anterior a 14004, ServiceDesk Plus MSP anterior a 13001, SupportCenter Plus anterior a 11026 y Vulnerability Manager Plus anterior a 10.1.2220.18. La explotación solo es posible si alguna vez se ha configurado SAML SSO para un producto (para algunos productos, la explotación requiere que SAML SSO esté actualmente activo).\n", }, ], id: "CVE-2022-47966", lastModified: "2025-03-07T21:04:52.037", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-01-18T18:15:10.570", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.viettelcybersecurity.com/saml-show-stopper/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/horizon3ai/CVE-2022-47966", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.viettelcybersecurity.com/saml-show-stopper/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/horizon3ai/CVE-2022-47966", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-23 20:55
Modified
2024-11-21 01:33
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 4.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:*:*:*:*:*:*:*", matchCriteriaId: "028A58B1-855D-41F4-9792-4CE4ADE9783E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.", }, { lang: "es", value: "Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en EmployeeSearch.cc en ZOHO ManageEngine ADSelfService Plus v4.5 Build 4521 permite a atacantes remotos inyectar código web o HTML arbitrario a través de los parámetros (1) searchType y (2) searchString, una vulnerabilidad diferente de CVE-2010-3274.", }, ], id: "CVE-2011-5105", lastModified: "2024-11-21T01:33:38.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-08-23T20:55:02.267", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://jameswebb.me/vulns/vrpth-2011-001.txt", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/520562/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/50717", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://jameswebb.me/vulns/vrpth-2011-001.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/520562/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/50717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-01-07 18:59
Modified
2024-11-21 02:08
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "AC64436A-1539-4803-B82E-336D1CFF32E4", versionEndIncluding: "5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.", }, { lang: "es", value: "Vulnerabilidad de XSS en ZOHO ManageEngine ADSelfService Plus anterior a 5.2 Build 5202 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro name en GroupSubscription.do.", }, ], id: "CVE-2014-3779", lastModified: "2024-11-21T02:08:49.060", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-01-07T18:59:00.043", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-30 18:15
Modified
2024-11-21 04:08
Severity ?
Summary
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://zoho.com | Vendor Advisory | |
| cve@mitre.org | https://github.com/missing0x00/CVE-2018-5353 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://zoho.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/missing0x00/CVE-2018-5353 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "E862E48C-8EC8-477D-ACF9-5FFFAD844D39", versionEndExcluding: "5.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:-:*:*:*:*:*:*", matchCriteriaId: "7C6C9325-7A0B-4CFF-BBFB-39C1C6F7B0E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "2B71FA9F-0FC4-4D12-B595-AC529878BC7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "0979E79B-936C-4787-8E0A-9F7F43A8A748", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "673E69A8-71BA-49EC-B1AE-931736C6BF42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "141FB02E-695F-484E-8FF6-C334C11F7CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*", matchCriteriaId: "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*", matchCriteriaId: "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*", matchCriteriaId: "942DC320-20A3-4CBF-BF94-390A9163FC02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*", matchCriteriaId: "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*", matchCriteriaId: "600E4C41-B1E1-468D-BA1A-489D0CE5F565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*", matchCriteriaId: "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*", matchCriteriaId: "E41D8FA9-5D9D-4102-B117-40354F847403", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*", matchCriteriaId: "8E620B19-0286-4723-91C4-848B6C453509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*", matchCriteriaId: "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*", matchCriteriaId: "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*", matchCriteriaId: "E7A0FC78-73CE-48CE-BD68-74C095F5B052", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*", matchCriteriaId: "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required", }, { lang: "es", value: "El módulo GINA/CP personalizado en Zoho ManageEngine ADSelfService Plus versiones anteriores a 5.5 build 5517, permite a atacantes remotos ejecutar código y escalar privilegios mediante una suplantación de identidad. No autentica el servidor deseado antes de abrir una ventana del navegador. Un atacante no autenticado capaz de llevar a cabo un ataque de suplantación de identidad puede redireccionar el navegador para que se ejecute en el contexto del proceso WinLogon.exe. Si no se aplica la autenticación a nivel de red, la vulnerabilidad puede ser explotada mediante RDP. Además, si el servidor web tiene un certificado configurado inapropiadamente, no se requiere ningún ataque de suplantación de identidad", }, ], id: "CVE-2018-5353", lastModified: "2024-11-21T04:08:38.213", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-30T18:15:15.927", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://zoho.com", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/missing0x00/CVE-2018-5353", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://zoho.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/missing0x00/CVE-2018-5353", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-290", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-07 17:15
Modified
2025-04-03 19:48
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
References
Impacted products
{ cisaActionDue: "2021-11-17", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510:*:*:*:*:*:*", matchCriteriaId: "ADB66864-2B10-4693-89C5-F13AADCAF0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511:*:*:*:*:*:*", matchCriteriaId: "36A2372E-DD10-455D-90C9-C8B5EBA52D36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520:*:*:*:*:*:*", matchCriteriaId: "212A1978-367C-417E-B887-6C957B76578C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522:*:*:*:*:*:*", matchCriteriaId: "1261129B-F0FD-4849-A8D9-9CBD99910FF1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531:*:*:*:*:*:*", matchCriteriaId: "087A729A-A175-4CE5-AF87-510E51125C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540:*:*:*:*:*:*", matchCriteriaId: "EFBB3F80-C322-4015-897D-12736CED3077", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543:*:*:*:*:*:*", matchCriteriaId: "B3D55605-AD61-4D63-BCA9-CAD95020813E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544:*:*:*:*:*:*", matchCriteriaId: "327F7E10-4704-46D9-A82A-8E799181D0DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550:*:*:*:*:*:*", matchCriteriaId: "F515AB67-A302-4A95-BC99-F7F26BA67B44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560:*:*:*:*:*:*", matchCriteriaId: "97E1E2BD-1AE1-4128-84B3-80A5F8D74A4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570:*:*:*:*:*:*", matchCriteriaId: "C8D9FAD8-419D-4489-AAF7-96953CDB595B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571:*:*:*:*:*:*", matchCriteriaId: "04373F72-E36E-4EFD-8215-C6CF44464DF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572:*:*:*:*:*:*", matchCriteriaId: "126040DD-08A6-45B4-8A41-E47DAF8716FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580:*:*:*:*:*:*", matchCriteriaId: "595F8E5F-068B-4526-A76F-D40EADC56135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590:*:*:*:*:*:*", matchCriteriaId: "C8608BDC-21B0-4C4C-9C1E-540FDCA13671", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591:*:*:*:*:*:*", matchCriteriaId: "3AA24300-1217-4DFA-8247-CF1B83B47C1E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592:*:*:*:*:*:*", matchCriteriaId: "AE175D32-95D7-451F-88C0-492B4C827CA2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*", matchCriteriaId: "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*", matchCriteriaId: "DAD07524-564F-4559-9F6D-EB8961380A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*", matchCriteriaId: "76480E2A-FD99-4902-99D3-847136451618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*", matchCriteriaId: "D117C2AE-B396-46AD-9421-23750F9D6CDE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*", matchCriteriaId: "6B9F5FCF-BECA-424C-86C8-4769797AEB3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*", matchCriteriaId: "6A014DF4-0353-4117-927B-C7950D92EEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*", matchCriteriaId: "EC6163AF-1A41-4372-8D9B-985BB338B9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*", matchCriteriaId: "2387D138-C8F5-4DC1-A51E-629F9D96F4ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*", matchCriteriaId: "0504B6B8-AFA0-418E-AA86-057F4FD01466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*", matchCriteriaId: "78CA1BE6-6ACF-42B4-B603-9764A8B81555", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*", matchCriteriaId: "69866794-C599-49F7-8071-789DA3308AF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*", matchCriteriaId: "850DCAC9-D98E-40C1-A748-88E257F09388", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "48B406DA-32D5-4343-B859-FB463B01CFE5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "4523A4D2-1E40-4A14-81D7-820A2C81C90F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*", matchCriteriaId: "F4C03D7C-0EEC-4C66-8705-F69909483048", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*", matchCriteriaId: "9431C11F-E153-4298-8A1B-2CDF677A1428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*", matchCriteriaId: "557B4FD6-B1BD-47B4-87B8-7096B99695B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*", matchCriteriaId: "BE2EF829-DA42-4C87-AB14-B03BD0AFB177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*", matchCriteriaId: "C74D8FDF-04B3-4B03-9110-27683E2329FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*", matchCriteriaId: "5C376A34-DC80-4080-9B53-37D954B6F00F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*", matchCriteriaId: "4613CD78-8A7D-4382-9975-1BE698E6C2CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*", matchCriteriaId: "9F32937B-9B1D-495F-812A-BEBAF3C67540", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*", matchCriteriaId: "5683B22F-54D1-4C53-8378-3500ADB4AD2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "08147E4E-6064-44D6-AF7C-1EB584A7CD60", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*", matchCriteriaId: "E0B110D0-A1BF-486B-A5C4-5927877C1258", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*", matchCriteriaId: "1C52392E-72C9-4F74-AECE-B20C0259E37D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*", matchCriteriaId: "38A4BE4A-B607-483E-AE79-8FF17BEF60B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*", matchCriteriaId: "3B2ABFA6-4506-42F8-B458-9EB83C8312DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*", matchCriteriaId: "B19B98B7-85D3-4D44-9853-1CD69586BF30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5116:*:*:*:*:*:*", matchCriteriaId: "8A012C70-3CD6-46C7-AEE7-9D5763C5AC87", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*", matchCriteriaId: "2EFDF89F-54BE-4D72-B95D-12127D8B35A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*", matchCriteriaId: "E4DD32D9-A0CA-4434-A8CF-121942FDF152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*", matchCriteriaId: "F86FFDB3-B19E-438E-8E5C-6D4994A29B61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*", matchCriteriaId: "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*", matchCriteriaId: "4921142A-2D9F-40BE-9640-44037667FB32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*", matchCriteriaId: "0909BEDE-D384-4719-87C7-4748E70669D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*", matchCriteriaId: "43969BCD-92A9-4181-9BE7-9A370FF0EA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*", matchCriteriaId: "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*", matchCriteriaId: "190837F9-E545-4576-8660-76837BFBA127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*", matchCriteriaId: "6C379810-C027-4443-BA2F-C72A0AFE9074", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*", matchCriteriaId: "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*", matchCriteriaId: "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*", matchCriteriaId: "6191E179-7D42-4D9A-AF78-B87DBC198B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*", matchCriteriaId: "01FC1A37-2AB7-4212-A93A-58021592FF67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*", matchCriteriaId: "96287289-2736-4197-B325-9D58EFDD6A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*", matchCriteriaId: "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*", matchCriteriaId: "E2437FCD-F77F-4103-914C-20C54C3E088A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*", matchCriteriaId: "45F52278-27B0-431E-8FF0-E3A5F68D513D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*", matchCriteriaId: "E231C429-0C6D-4DA6-8D89-DB888493F741", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*", matchCriteriaId: "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*", matchCriteriaId: "999D1D05-D8D7-445E-AAF7-B14769001928", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*", matchCriteriaId: "CC29D099-13A7-48F5-8A8A-6A564B972D98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*", matchCriteriaId: "AFAACD50-F964-48EB-8C71-856501FA5BF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*", matchCriteriaId: "E52DD6D8-DCB5-470E-9F77-653552A5436B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*", matchCriteriaId: "1E41D887-5E33-4D94-9C9C-7385D7D777E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*", matchCriteriaId: "352966E5-E938-4FA4-A41B-2D95C0E233ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*", matchCriteriaId: "2C234A10-9D5A-4C47-92F1-82DA80F5B310", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*", matchCriteriaId: "8E1516F7-D152-4D9C-92D3-4BD68D77475A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*", matchCriteriaId: "BDDFB075-FA1B-47B9-B2EC-80228C20F042", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*", matchCriteriaId: "9A55F076-4CED-4BFC-B87D-A2AE950F78CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*", matchCriteriaId: "50ACF821-D09A-40B9-95A6-BC8DED3460D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*", matchCriteriaId: "E0949C30-651A-4646-B215-38AE86F719F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*", matchCriteriaId: "2DA8E108-49A7-4281-A938-ED1C1E4890B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*", matchCriteriaId: "3B631D21-372B-4B68-B467-F1A5616C5325", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*", matchCriteriaId: "26BC3F05-FC81-45E4-9D23-864C9B9FF47F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*", matchCriteriaId: "1BBF87A7-2A53-418D-BB27-D55B10564894", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*", matchCriteriaId: "9343B338-953B-4E7D-9CD2-00781FFE3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*", matchCriteriaId: "9966E015-590E-4CAD-AEE9-F06E1B34A789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*", matchCriteriaId: "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*", matchCriteriaId: "04BB508C-91EA-43A3-B4AC-A7591801F387", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:-:*:*:*:*:*:*", matchCriteriaId: "7C6C9325-7A0B-4CFF-BBFB-39C1C6F7B0E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "2B71FA9F-0FC4-4D12-B595-AC529878BC7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "0979E79B-936C-4787-8E0A-9F7F43A8A748", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "673E69A8-71BA-49EC-B1AE-931736C6BF42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "141FB02E-695F-484E-8FF6-C334C11F7CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*", matchCriteriaId: "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*", matchCriteriaId: "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*", matchCriteriaId: "942DC320-20A3-4CBF-BF94-390A9163FC02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*", matchCriteriaId: "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*", matchCriteriaId: "600E4C41-B1E1-468D-BA1A-489D0CE5F565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*", matchCriteriaId: "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*", matchCriteriaId: "E41D8FA9-5D9D-4102-B117-40354F847403", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*", matchCriteriaId: "8E620B19-0286-4723-91C4-848B6C453509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*", matchCriteriaId: "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*", matchCriteriaId: "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*", matchCriteriaId: "E7A0FC78-73CE-48CE-BD68-74C095F5B052", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*", matchCriteriaId: "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*", matchCriteriaId: "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*", matchCriteriaId: "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*", matchCriteriaId: "BF029B3F-93BE-44D3-B8E8-65F18A4F6632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*", matchCriteriaId: "C054330B-8344-437B-893F-AD844BCA3CE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*", matchCriteriaId: "CA7A820D-17C3-4F20-B4C4-9068F9594786", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*", matchCriteriaId: "DEA0897C-62CE-401A-B940-4CA47A0BDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*", matchCriteriaId: "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*", matchCriteriaId: "269B1711-8110-4177-8CF2-AD9F1D9E20AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*", matchCriteriaId: "39DFD696-3A7F-4003-9F87-458891B787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*", matchCriteriaId: "C15E39AA-79CE-48A7-9629-AC75EC444B6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*", matchCriteriaId: "2592E246-7208-4CC5-8004-D2AEAB45380C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*", matchCriteriaId: "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*", matchCriteriaId: "41EB109A-9CF3-498C-93B2-07A31D3CB09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*", matchCriteriaId: "FE8675BC-B0AA-4067-B079-FCAE97519B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*", matchCriteriaId: "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "59408AE1-F8C3-48A7-BF31-ABB4173E42D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*", matchCriteriaId: "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*", matchCriteriaId: "82FD8A24-2D01-4D2A-ADDE-51EBCC189332", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*", matchCriteriaId: "3CDD178D-9CE8-4FC9-8388-BB89DC949924", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*", matchCriteriaId: "4F3F2942-54CE-41A9-909B-8D5CE515A7FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*", matchCriteriaId: "996B4FAB-C1FA-42D9-BAB2-EC4CD2394D67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*", matchCriteriaId: "20D1E7EE-8977-4010-AF5D-843A44853363", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*", matchCriteriaId: "09718DA2-31D3-4CC3-B95D-6A8BE6233700", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*", matchCriteriaId: "A217F6ED-BC7F-46B7-9D43-D75A3D416322", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*", matchCriteriaId: "562397B8-DF54-4585-81B4-3F89816CC8BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*", matchCriteriaId: "319E6B84-4D6C-45D2-BF5A-8461202C4463", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*", matchCriteriaId: "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*", matchCriteriaId: "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*", matchCriteriaId: "94E70435-5332-48F3-9602-FCA1EFB617BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*", matchCriteriaId: "AC040DA3-91BB-41CD-ADE3-D2AA0537516D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*", matchCriteriaId: "8E71EE09-F2D6-4981-A962-14DAC49A9A45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*", matchCriteriaId: "4709685D-CCF0-4444-99B8-4DC6E3D53A62", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*", matchCriteriaId: "13599F95-25B2-4C21-8174-DA966A49249B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*", matchCriteriaId: "D2CB6693-492A-4607-9D9C-15C746E12864", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*", matchCriteriaId: "35238419-A73A-4333-9F3D-481FAA1D167C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*", matchCriteriaId: "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*", matchCriteriaId: "4E0B4F11-A1E8-4D21-9707-8639A3040840", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*", matchCriteriaId: "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*", matchCriteriaId: "7F229F49-EA44-4D0A-855B-FC586CE8CFA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*", matchCriteriaId: "07AED2F0-F527-4B4A-82FC-F571899F3738", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*", matchCriteriaId: "86396EFE-E4E1-42DB-A206-9D44B977DB95", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*", matchCriteriaId: "1ECD4B6F-D157-4AA6-A288-AF85ECFE3D5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*", matchCriteriaId: "89042E18-91F4-4EB7-9276-251A94529D36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*", matchCriteriaId: "0215A848-4170-42E0-9711-E9922CE82CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6003:*:*:*:*:*:*", matchCriteriaId: "4E738DAF-2E66-4D0F-9A8E-B988A51E17DE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6004:*:*:*:*:*:*", matchCriteriaId: "A5D87211-8D8F-420A-AAAC-296FCD214CA9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6005:*:*:*:*:*:*", matchCriteriaId: "D8C120A3-C62A-4F39-BB9C-546C7AC57D89", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6006:*:*:*:*:*:*", matchCriteriaId: "301FC0FF-8064-470E-BFAA-CC54078D1044", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6007:*:*:*:*:*:*", matchCriteriaId: "AAAF70B7-53FA-41EF-8558-EAC27EF35AB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6008:*:*:*:*:*:*", matchCriteriaId: "821E2F3D-5B0C-4985-9934-F80E163EC1A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6009:*:*:*:*:*:*", matchCriteriaId: "0FFD43E2-8C28-4423-8660-8C9FC996C339", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6012:*:*:*:*:*:*", matchCriteriaId: "E9497B19-1845-44C5-8868-332DDE6DD1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6013:*:*:*:*:*:*", matchCriteriaId: "C5A5D3A5-E2C6-43A3-9142-F5FE23BCB3E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", matchCriteriaId: "C13EF458-FE95-49E5-9A13-04C96C3F114A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", matchCriteriaId: "12919644-3D85-488C-89A3-58A1FB31279D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*", matchCriteriaId: "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones 6113 y anteriores, es vulnerable a una omisión de autenticación de la API REST con una ejecución de código remota resultante", }, ], id: "CVE-2021-40539", lastModified: "2025-04-03T19:48:33.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2021-09-07T17:15:07.367", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-706", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-02-17 18:00
Modified
2024-11-21 01:18
Severity ?
Summary
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "40A75087-E063-4DDE-8C0A-296A2F3A29FD", versionEndIncluding: "4.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus anterior a v4.5 Build 4500 permite a atacantes remotos restablecer las contraseñas de usuario, y en consecuencia obtener acceso a cuentas de usuario arbitrarias al proporcionar un identificador de usuario a accounts/ValidateUser, y, a continuación proporcionando una nueva contraseña para accounts/ResetResult.", }, ], id: "CVE-2010-3273", lastModified: "2024-11-21T01:18:24.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-02-17T18:00:02.997", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/43241", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/8089", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/70869", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/46331", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/43241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/8089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/70869", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/46331", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-06 05:15
Modified
2024-11-21 08:08
Severity ?
Summary
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6122:*:*:*:*:*:*", matchCriteriaId: "D3EFB734-E7F3-482E-9A64-DD1A0A6B1E5F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.", }, { lang: "es", value: "ManageEngine ADSelfService Plus GINA Client Verificación insuficiente de autenticidad de datos Vulnerabilidad de omisión de autenticación. Esta vulnerabilidad permite a atacantes físicamente presentes ejecutar código arbitrario en instalaciones afectadas de ManageEngine ADSelfService Plus. No se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe en el Portal de restablecimiento de contraseña utilizado por el cliente GINA. El problema se debe a la falta de autenticación adecuada de los datos recibidos a través de HTTP. Un atacante puede aprovechar esta vulnerabilidad para eludir la autenticación y ejecutar código en el contexto de SYSTEM. Era ZDI-CAN-17009.", }, ], id: "CVE-2023-35719", lastModified: "2024-11-21T08:08:34.217", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-06T05:15:42.437", references: [ { source: "zdi-disclosures@trendmicro.com", url: "https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-891", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-891", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "zdi-disclosures@trendmicro.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-10 16:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", matchCriteriaId: "C13EF458-FE95-49E5-9A13-04C96C3F114A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", matchCriteriaId: "12919644-3D85-488C-89A3-58A1FB31279D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*", matchCriteriaId: "75206A94-9155-48D7-A378-5020877B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*", matchCriteriaId: "E50CF265-DE6F-4281-8300-06D54185AA43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*", matchCriteriaId: "EB577C00-1412-4F87-B91A-5E956EB2213F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "4C7681FA-FC15-49CE-9288-3C4E361F4D21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "80F12A94-93C5-4442-8FB3-4E02E4DECCEB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones 6111 y anteriores, es vulnerable a una inyección SQL mientras se vinculan las bases de datos", }, ], id: "CVE-2021-37422", lastModified: "2024-11-21T06:15:07.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-10T16:15:07.237", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-26 18:29
Modified
2024-11-21 04:01
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:4500:*:*:*:*:*:*", matchCriteriaId: "796A4512-DC6E-42A1-9A57-D4F446A9BC34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5032:*:*:*:*:*:*", matchCriteriaId: "4C202C90-B792-4E0C-B7A9-C06FDB7C30DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5040:*:*:*:*:*:*", matchCriteriaId: "42F19FC5-6C75-458A-9B90-376D0D1B0C59", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5041:*:*:*:*:*:*", matchCriteriaId: "6DC23258-D431-40C0-9853-E08D36A225FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5100:*:*:*:*:*:*", matchCriteriaId: "D8AF9E70-E4F7-4BB1-9D49-33633AB9CE82", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5101:*:*:*:*:*:*", matchCriteriaId: "D1174A0E-EFA2-4FAA-B42A-A0D4FAAD592D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5102:*:*:*:*:*:*", matchCriteriaId: "A99912DA-82E6-4FD6-8916-635637941335", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5103:*:*:*:*:*:*", matchCriteriaId: "FC5FA48C-6B99-4B80-9256-694BD4174557", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5104:*:*:*:*:*:*", matchCriteriaId: "6D860882-A106-4771-87DF-9ADE482F41DD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5105:*:*:*:*:*:*", matchCriteriaId: "0DD127BF-200A-45F5-9357-5024C76E7B12", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5106:*:*:*:*:*:*", matchCriteriaId: "8D2143C4-D4A0-4AE5-86D2-D3DEFD27C9E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5107:*:*:*:*:*:*", matchCriteriaId: "1745145D-493D-4181-B011-46490BBF5A7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5108:*:*:*:*:*:*", matchCriteriaId: "8A9605CA-8368-47D1-964A-684E099212D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5109:*:*:*:*:*:*", matchCriteriaId: "109303F0-F6C6-4BC7-9011-BAAD6B1D043E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5110:*:*:*:*:*:*", matchCriteriaId: "39BC2BEF-89B7-48F0-BAFC-26B1DE0E7EB4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5111:*:*:*:*:*:*", matchCriteriaId: "BA12CCBE-5C43-4FF8-A9A5-63B91AA14C2F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5112:*:*:*:*:*:*", matchCriteriaId: "270B44CA-F153-4EF8-8E0B-276E80C8ADB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5113:*:*:*:*:*:*", matchCriteriaId: "6EC9A6C6-3D3E-411F-89EF-CAFCF66D8222", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5114:*:*:*:*:*:*", matchCriteriaId: "CD55F212-950A-4421-9C73-80287647719F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5115:*:*:*:*:*:*", matchCriteriaId: "61E19A98-DF1A-44B0-AB69-6822F9110FE7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5116:*:*:*:*:*:*", matchCriteriaId: "7AA56B14-E4B5-4373-81F3-ECFD30DC897B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5200:*:*:*:*:*:*", matchCriteriaId: "77F2C9F3-67ED-4337-9EC8-A164ADCBFB5B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5201:*:*:*:*:*:*", matchCriteriaId: "DE73451C-7289-4832-84A7-1A9D8CFE5EF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5202:*:*:*:*:*:*", matchCriteriaId: "74AB64C4-625A-4369-8F16-3145B85A5DB5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5203:*:*:*:*:*:*", matchCriteriaId: "5C8E8A1A-AA00-48AC-BB5F-59DA174A4F71", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5204:*:*:*:*:*:*", matchCriteriaId: "797C805C-68D4-4B5A-8AD8-C2036692C616", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5205:*:*:*:*:*:*", matchCriteriaId: "50D245E8-5719-41B6-95C0-A2CACE88676D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5206:*:*:*:*:*:*", matchCriteriaId: "809A4666-41E7-48B8-A9FA-A24A71EC5A1A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5207:*:*:*:*:*:*", matchCriteriaId: "6BEADFCD-8A32-4D59-908A-37E9E3A52E49", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5300:*:*:*:*:*:*", matchCriteriaId: "28409900-B268-437E-B474-1CDF7C654161", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5301:*:*:*:*:*:*", matchCriteriaId: "E4A44B27-87F1-47F2-8596-663C63F4C1DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5302:*:*:*:*:*:*", matchCriteriaId: "7ACD689D-709B-471F-9C86-66E22E91DBCA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5303:*:*:*:*:*:*", matchCriteriaId: "749731D7-2431-4DBC-9E76-4BFB8F8C57C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5304:*:*:*:*:*:*", matchCriteriaId: "5B0B3278-EE00-40F5-8372-9AFA6F44B765", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5305:*:*:*:*:*:*", matchCriteriaId: "916DEBE1-C3AB-415B-9463-1A4253F609C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5306:*:*:*:*:*:*", matchCriteriaId: "5CFBBCCD-7625-4C73-AFCA-924DFAC48BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5307:*:*:*:*:*:*", matchCriteriaId: "FA24BDA1-675D-45E2-A0F8-041CC6DF1D39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5308:*:*:*:*:*:*", matchCriteriaId: "CE4EA03B-33D0-4057-A80C-4AF69D22FF38", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5309:*:*:*:*:*:*", matchCriteriaId: "0BA96538-C2F8-42C2-AF49-55B7D216B17B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5310:*:*:*:*:*:*", matchCriteriaId: "D9227C12-AFD7-4481-8495-998F9AB4E668", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5311:*:*:*:*:*:*", matchCriteriaId: "17755902-5421-45C1-8952-70771E8C79A7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5312:*:*:*:*:*:*", matchCriteriaId: "CA16BF41-2F02-422A-A92F-40EA8BF7A75F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5313:*:*:*:*:*:*", matchCriteriaId: "54C11E83-F0BA-4C47-875E-7CFEC447728E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5314:*:*:*:*:*:*", matchCriteriaId: "DDF73A07-905D-4F26-848B-84C3A9F1630C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5315:*:*:*:*:*:*", matchCriteriaId: "5EE92704-67CE-4D3A-97D1-BEAB1CFFC70C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5316:*:*:*:*:*:*", matchCriteriaId: "ABFB14B0-F81C-4C7A-B1EF-EF8C4D779576", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5317:*:*:*:*:*:*", matchCriteriaId: "219F3924-899B-4D14-90FF-E1F8B8A6B5F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5318:*:*:*:*:*:*", matchCriteriaId: "4C222551-E231-43E3-98BD-773FDB68D589", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5319:*:*:*:*:*:*", matchCriteriaId: "DAD582DE-6811-4D78-899C-933D1D409EF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5320:*:*:*:*:*:*", matchCriteriaId: "7D7BF363-19F5-4655-9A8C-AFF535AF0558", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5321:*:*:*:*:*:*", matchCriteriaId: "962CABE0-C8AF-4C2F-81D7-12D232C390F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5322:*:*:*:*:*:*", matchCriteriaId: "613D8FD3-7086-4E59-A012-884A094BAD6D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5323:*:*:*:*:*:*", matchCriteriaId: "7D14A1B5-95A8-4F62-B06A-8BA4641CC35E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5324:*:*:*:*:*:*", matchCriteriaId: "F3C27B95-B5AB-4BBD-9701-85560CC020CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5325:*:*:*:*:*:*", matchCriteriaId: "7B46B8A8-2C90-44C8-A5C9-186593D0A556", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5326:*:*:*:*:*:*", matchCriteriaId: "2CA0E58E-2535-422A-AF35-3EF017792570", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5327:*:*:*:*:*:*", matchCriteriaId: "8CC89F07-DD8C-4DD9-BE80-D9DA689A4D19", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5328:*:*:*:*:*:*", matchCriteriaId: "AD53F8D8-34A0-46F0-9AC9-EF088B4C9AB5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5329:*:*:*:*:*:*", matchCriteriaId: "A9B6BA8A-8709-4E8E-A42E-85B0E99818E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5330:*:*:*:*:*:*", matchCriteriaId: "B0F00049-CA99-4A6B-B347-78768BF19DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5400:*:*:*:*:*:*", matchCriteriaId: "30A10B00-E8DD-445D-AFC3-DC7DAF42724F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5500:*:*:*:*:*:*", matchCriteriaId: "CBEEB6C7-764D-4012-9656-FC76F43A53EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5501:*:*:*:*:*:*", matchCriteriaId: "86F5057B-4DFA-43A0-B604-9CACEEE926E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5502:*:*:*:*:*:*", matchCriteriaId: "5EF382C0-392B-4DA9-AFA2-3CD933615E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5503:*:*:*:*:*:*", matchCriteriaId: "78019D71-4598-4095-AAF4-13DCD93F842F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5504:*:*:*:*:*:*", matchCriteriaId: "3C6F69D0-1595-42E9-B812-63C133965E16", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5505:*:*:*:*:*:*", matchCriteriaId: "30D743E2-FE10-43BB-9514-4581F33F2C34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5506:*:*:*:*:*:*", matchCriteriaId: "D4639A68-BAA3-4669-B2F1-AD381A25464D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5507:*:*:*:*:*:*", matchCriteriaId: "DF69BD50-A3B7-4C9C-83ED-088EBB977F0A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5508:*:*:*:*:*:*", matchCriteriaId: "0313F401-85DC-4DF0-AEAD-A8D6885902CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5509:*:*:*:*:*:*", matchCriteriaId: "924F6A44-0E30-46A9-990E-DA44AA61C012", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5510:*:*:*:*:*:*", matchCriteriaId: "C514F02D-DB00-4B05-A53C-A13310FE9E4A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5511:*:*:*:*:*:*", matchCriteriaId: "D013876C-9433-4576-84B5-464649CC8199", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5512:*:*:*:*:*:*", matchCriteriaId: "8DFA286F-0C4E-4C56-8FFB-15481594FE42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5513:*:*:*:*:*:*", matchCriteriaId: "D86056BB-3CF4-4C8A-B685-1E88E25429F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5514:*:*:*:*:*:*", matchCriteriaId: "BDE0C598-57A7-4EEF-A98C-44B871955BC1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5515:*:*:*:*:*:*", matchCriteriaId: "C6F752FD-8B2C-4636-B7DD-343D2DEDE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5516:*:*:*:*:*:*", matchCriteriaId: "B435C1CA-2DD6-4DC7-B7B1-9B232EA5CFC3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5517:*:*:*:*:*:*", matchCriteriaId: "48A77EA0-C382-4A81-9EE3-48F7AC8AFEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5518:*:*:*:*:*:*", matchCriteriaId: "48907141-7B99-4D1A-955D-7E98B46E5A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5519:*:*:*:*:*:*", matchCriteriaId: "C894A206-F09A-4D6A-9675-618CD8FEFD08", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5520:*:*:*:*:*:*", matchCriteriaId: "52028275-3CFA-4AB0-8013-018FF88C11B0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5521:*:*:*:*:*:*", matchCriteriaId: "2864B47E-79C8-4FE4-97E5-3C85C926CA21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5600:*:*:*:*:*:*", matchCriteriaId: "627B72C4-8311-414D-AA55-EC5F71794F58", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5601:*:*:*:*:*:*", matchCriteriaId: "74839837-94FC-4A6F-8DE2-358A7AD28D28", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5602:*:*:*:*:*:*", matchCriteriaId: "66B9BB15-FA78-4C05-8670-610DD790FF75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5603:*:*:*:*:*:*", matchCriteriaId: "166217A8-C306-4C79-A33F-D45032F2D1E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5604:*:*:*:*:*:*", matchCriteriaId: "EFC0E47A-8807-441D-BEFA-1E9A71EDA7C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5605:*:*:*:*:*:*", matchCriteriaId: "06395B41-9538-42FF-8ADB-E750F5C5B2C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5606:*:*:*:*:*:*", matchCriteriaId: "0DF7379A-F56E-4A2D-8099-2C0E72B8ACA9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus, en versiones 5.7 anteriores a la build 5702, tiene Cross-Site Scripting (XSS) en la implementación del diseño de autoactualización.", }, ], id: "CVE-2018-20484", lastModified: "2024-11-21T04:01:34.643", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-26T18:29:00.543", references: [ { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 20:15
Modified
2024-11-21 06:59
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "ED61D61A-99CB-4279-AEF4-4F5D509AAAB6", versionEndExcluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:-:*:*:*:*:*:*", matchCriteriaId: "4647CCE1-92BF-486A-A245-2E6BADC14C4D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7000:*:*:*:*:*:*", matchCriteriaId: "AC907344-7ACC-41CA-AA1D-8AEE1C604F92", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7002:*:*:*:*:*:*", matchCriteriaId: "6957BD6B-3CCB-4C45-B3E9-DE988CDEF122", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7003:*:*:*:*:*:*", matchCriteriaId: "B932650D-3BCF-4A9C-B518-04C212925C1D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7004:*:*:*:*:*:*", matchCriteriaId: "FF8CFB6B-DD8F-45BD-9F17-7BE6014AFE17", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7005:*:*:*:*:*:*", matchCriteriaId: "583C263D-F219-434C-A452-9F4A337FAF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7006:*:*:*:*:*:*", matchCriteriaId: "154B0AC9-FB9F-42FC-85FF-B6F4DA77F625", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7007:*:*:*:*:*:*", matchCriteriaId: "2C71406B-D0A7-480F-BD70-F01AF8800749", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7008:*:*:*:*:*:*", matchCriteriaId: "5643057F-7579-465C-9C0F-F83617C6BE02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7050:*:*:*:*:*:*", matchCriteriaId: "BD6AFBED-42E1-400B-A198-71220D228770", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7051:*:*:*:*:*:*", matchCriteriaId: "6F4BB38D-4E2A-41A0-8ED2-5D23FDE1BF6E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7052:*:*:*:*:*:*", matchCriteriaId: "E14468CC-1FAF-4F3C-872A-283923E11BBE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7053:*:*:*:*:*:*", matchCriteriaId: "F05B3F91-1ECB-4000-A0E1-814DC82CE9DE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7054:*:*:*:*:*:*", matchCriteriaId: "F216675D-EC1B-4C67-ACA4-002C3A31976D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7055:*:*:*:*:*:*", matchCriteriaId: "A70FBB7E-A8D7-4DF9-BF7C-C6E8FC6FFCA4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "B9D72627-17F9-427E-907B-56EA0A498131", versionEndExcluding: "7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*", matchCriteriaId: "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*", matchCriteriaId: "736740CB-A328-4163-BAC4-6C881A24C8B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*", matchCriteriaId: "9B806083-7309-4215-AF81-DCC4D90B7876", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*", matchCriteriaId: "A741CDA8-D1A8-4F83-AE54-7D3D3C433825", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*", matchCriteriaId: "09563D6F-690B-4C7A-BA25-52D009724A74", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*", matchCriteriaId: "30FAC23B-831E-4904-AB3B-85A3C068CEB8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*", matchCriteriaId: "9347D3CF-B5D1-4ACE-83E1-73748EF15120", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*", matchCriteriaId: "322E0562-4586-4DF4-A935-C2447883495B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*", matchCriteriaId: "EB9151D6-BD21-4268-9371-FF702C1AD84B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*", matchCriteriaId: "B371E93E-7C85-42DD-AA7F-9B43D8D02963", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*", matchCriteriaId: "094EEFA4-BD16-4F79-8133-62F9E2C8C675", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*", matchCriteriaId: "DC5A6297-98E3-45C8-95FB-7F4E65D133BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*", matchCriteriaId: "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*", matchCriteriaId: "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*", matchCriteriaId: "7848B31C-AB51-486B-8655-7D7A060BAFFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*", matchCriteriaId: "1CFB5C4A-B717-4CC2-AE03-336C63D17B96", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*", matchCriteriaId: "456D49D7-F04D-4003-B429-8D5504959D04", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*", matchCriteriaId: "BB788440-904B-430E-BF5B-12ADA816477E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*", matchCriteriaId: "876CC4D6-9546-4D39-965A-EF5A4AF4AD93", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*", matchCriteriaId: "85432FE8-946F-448D-A92A-FF549EDC52F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*", matchCriteriaId: "813E1389-A949-427C-92C6-3974702FEA5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", matchCriteriaId: "C13EF458-FE95-49E5-9A13-04C96C3F114A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", matchCriteriaId: "12919644-3D85-488C-89A3-58A1FB31279D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*", matchCriteriaId: "75206A94-9155-48D7-A378-5020877B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*", matchCriteriaId: "E50CF265-DE6F-4281-8300-06D54185AA43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*", matchCriteriaId: "EB577C00-1412-4F87-B91A-5E956EB2213F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "4C7681FA-FC15-49CE-9288-3C4E361F4D21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "80F12A94-93C5-4442-8FB3-4E02E4DECCEB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*", matchCriteriaId: "17270CDC-C800-4B5A-BEAA-83AF455BBBEA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*", matchCriteriaId: "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*", matchCriteriaId: "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*", matchCriteriaId: "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*", matchCriteriaId: "2EC89DCA-D24A-46BB-8086-C306BB4CDABD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*", matchCriteriaId: "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*", matchCriteriaId: "E319DA11-0C76-4F52-A197-FFBF4F30BB55", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*", matchCriteriaId: "B928577F-3183-4305-9009-A8C6970477D6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*", matchCriteriaId: "CE6F33B5-418E-4B38-81EB-090E4F3AF89A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9", versionEndExcluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:-:*:*:*:*:*:*", matchCriteriaId: "3FC399C6-4299-4744-9FC5-13CFE7478164", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "E913F3D6-9F94-4130-94FF-37F4D81BAEF4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6121, ADAuditPlus versión 7060, Exchange Reporter Plus versión 5701, y ADManagerPlus versión 7131, permiten una divulgación de NTLM Hash durante determinados pasos de configuración de la ruta de almacenamiento", }, ], id: "CVE-2022-29457", lastModified: "2024-11-21T06:59:07.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T20:15:09.263", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-18 22:15
Modified
2024-11-21 04:33
Severity ?
Summary
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*", matchCriteriaId: "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*", matchCriteriaId: "DAD07524-564F-4559-9F6D-EB8961380A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*", matchCriteriaId: "76480E2A-FD99-4902-99D3-847136451618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*", matchCriteriaId: "D117C2AE-B396-46AD-9421-23750F9D6CDE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*", matchCriteriaId: "6B9F5FCF-BECA-424C-86C8-4769797AEB3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*", matchCriteriaId: "6A014DF4-0353-4117-927B-C7950D92EEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*", matchCriteriaId: "EC6163AF-1A41-4372-8D9B-985BB338B9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*", matchCriteriaId: "2387D138-C8F5-4DC1-A51E-629F9D96F4ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*", matchCriteriaId: "0504B6B8-AFA0-418E-AA86-057F4FD01466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*", matchCriteriaId: "78CA1BE6-6ACF-42B4-B603-9764A8B81555", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*", matchCriteriaId: "69866794-C599-49F7-8071-789DA3308AF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*", matchCriteriaId: "850DCAC9-D98E-40C1-A748-88E257F09388", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "4523A4D2-1E40-4A14-81D7-820A2C81C90F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*", matchCriteriaId: "F4C03D7C-0EEC-4C66-8705-F69909483048", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*", matchCriteriaId: "9431C11F-E153-4298-8A1B-2CDF677A1428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*", matchCriteriaId: "557B4FD6-B1BD-47B4-87B8-7096B99695B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*", matchCriteriaId: "BE2EF829-DA42-4C87-AB14-B03BD0AFB177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*", matchCriteriaId: "C74D8FDF-04B3-4B03-9110-27683E2329FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*", matchCriteriaId: "5C376A34-DC80-4080-9B53-37D954B6F00F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*", matchCriteriaId: "4613CD78-8A7D-4382-9975-1BE698E6C2CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*", matchCriteriaId: "9F32937B-9B1D-495F-812A-BEBAF3C67540", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*", matchCriteriaId: "5683B22F-54D1-4C53-8378-3500ADB4AD2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "08147E4E-6064-44D6-AF7C-1EB584A7CD60", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*", matchCriteriaId: "E0B110D0-A1BF-486B-A5C4-5927877C1258", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*", matchCriteriaId: "1C52392E-72C9-4F74-AECE-B20C0259E37D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*", matchCriteriaId: "38A4BE4A-B607-483E-AE79-8FF17BEF60B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*", matchCriteriaId: "3B2ABFA6-4506-42F8-B458-9EB83C8312DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*", matchCriteriaId: "B19B98B7-85D3-4D44-9853-1CD69586BF30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5116:*:*:*:*:*:*", matchCriteriaId: "8A012C70-3CD6-46C7-AEE7-9D5763C5AC87", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*", matchCriteriaId: "2EFDF89F-54BE-4D72-B95D-12127D8B35A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*", matchCriteriaId: "E4DD32D9-A0CA-4434-A8CF-121942FDF152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*", matchCriteriaId: "F86FFDB3-B19E-438E-8E5C-6D4994A29B61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*", matchCriteriaId: "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*", matchCriteriaId: "4921142A-2D9F-40BE-9640-44037667FB32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*", matchCriteriaId: "0909BEDE-D384-4719-87C7-4748E70669D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*", matchCriteriaId: "43969BCD-92A9-4181-9BE7-9A370FF0EA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*", matchCriteriaId: "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*", matchCriteriaId: "190837F9-E545-4576-8660-76837BFBA127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*", matchCriteriaId: "6C379810-C027-4443-BA2F-C72A0AFE9074", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*", matchCriteriaId: "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*", matchCriteriaId: "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*", matchCriteriaId: "6191E179-7D42-4D9A-AF78-B87DBC198B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*", matchCriteriaId: "01FC1A37-2AB7-4212-A93A-58021592FF67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*", matchCriteriaId: "96287289-2736-4197-B325-9D58EFDD6A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*", matchCriteriaId: "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*", matchCriteriaId: "E2437FCD-F77F-4103-914C-20C54C3E088A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*", matchCriteriaId: "45F52278-27B0-431E-8FF0-E3A5F68D513D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*", matchCriteriaId: "E231C429-0C6D-4DA6-8D89-DB888493F741", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*", matchCriteriaId: "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*", matchCriteriaId: "999D1D05-D8D7-445E-AAF7-B14769001928", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*", matchCriteriaId: "CC29D099-13A7-48F5-8A8A-6A564B972D98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*", matchCriteriaId: "AFAACD50-F964-48EB-8C71-856501FA5BF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*", matchCriteriaId: "E52DD6D8-DCB5-470E-9F77-653552A5436B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*", matchCriteriaId: "1E41D887-5E33-4D94-9C9C-7385D7D777E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*", matchCriteriaId: "352966E5-E938-4FA4-A41B-2D95C0E233ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*", matchCriteriaId: "2C234A10-9D5A-4C47-92F1-82DA80F5B310", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*", matchCriteriaId: "8E1516F7-D152-4D9C-92D3-4BD68D77475A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*", matchCriteriaId: "BDDFB075-FA1B-47B9-B2EC-80228C20F042", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*", matchCriteriaId: "9A55F076-4CED-4BFC-B87D-A2AE950F78CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*", matchCriteriaId: "50ACF821-D09A-40B9-95A6-BC8DED3460D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*", matchCriteriaId: "E0949C30-651A-4646-B215-38AE86F719F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*", matchCriteriaId: "2DA8E108-49A7-4281-A938-ED1C1E4890B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*", matchCriteriaId: "3B631D21-372B-4B68-B467-F1A5616C5325", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*", matchCriteriaId: "26BC3F05-FC81-45E4-9D23-864C9B9FF47F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*", matchCriteriaId: "1BBF87A7-2A53-418D-BB27-D55B10564894", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*", matchCriteriaId: "9343B338-953B-4E7D-9CD2-00781FFE3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*", matchCriteriaId: "9966E015-590E-4CAD-AEE9-F06E1B34A789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*", matchCriteriaId: "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*", matchCriteriaId: "04BB508C-91EA-43A3-B4AC-A7591801F387", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "2B71FA9F-0FC4-4D12-B595-AC529878BC7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "0979E79B-936C-4787-8E0A-9F7F43A8A748", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "673E69A8-71BA-49EC-B1AE-931736C6BF42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "141FB02E-695F-484E-8FF6-C334C11F7CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*", matchCriteriaId: "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*", matchCriteriaId: "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*", matchCriteriaId: "942DC320-20A3-4CBF-BF94-390A9163FC02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*", matchCriteriaId: "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*", matchCriteriaId: "600E4C41-B1E1-468D-BA1A-489D0CE5F565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*", matchCriteriaId: "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*", matchCriteriaId: "E41D8FA9-5D9D-4102-B117-40354F847403", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*", matchCriteriaId: "8E620B19-0286-4723-91C4-848B6C453509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*", matchCriteriaId: "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*", matchCriteriaId: "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*", matchCriteriaId: "E7A0FC78-73CE-48CE-BD68-74C095F5B052", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*", matchCriteriaId: "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*", matchCriteriaId: "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*", matchCriteriaId: "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*", matchCriteriaId: "BF029B3F-93BE-44D3-B8E8-65F18A4F6632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*", matchCriteriaId: "C054330B-8344-437B-893F-AD844BCA3CE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*", matchCriteriaId: "CA7A820D-17C3-4F20-B4C4-9068F9594786", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*", matchCriteriaId: "DEA0897C-62CE-401A-B940-4CA47A0BDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*", matchCriteriaId: "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*", matchCriteriaId: "269B1711-8110-4177-8CF2-AD9F1D9E20AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*", matchCriteriaId: "39DFD696-3A7F-4003-9F87-458891B787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*", matchCriteriaId: "C15E39AA-79CE-48A7-9629-AC75EC444B6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*", matchCriteriaId: "2592E246-7208-4CC5-8004-D2AEAB45380C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*", matchCriteriaId: "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*", matchCriteriaId: "41EB109A-9CF3-498C-93B2-07A31D3CB09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*", matchCriteriaId: "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "59408AE1-F8C3-48A7-BF31-ABB4173E42D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*", matchCriteriaId: "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*", matchCriteriaId: "82FD8A24-2D01-4D2A-ADDE-51EBCC189332", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*", matchCriteriaId: "3CDD178D-9CE8-4FC9-8388-BB89DC949924", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*", matchCriteriaId: "4F3F2942-54CE-41A9-909B-8D5CE515A7FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*", matchCriteriaId: "996B4FAB-C1FA-42D9-BAB2-EC4CD2394D67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*", matchCriteriaId: "20D1E7EE-8977-4010-AF5D-843A44853363", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*", matchCriteriaId: "A217F6ED-BC7F-46B7-9D43-D75A3D416322", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*", matchCriteriaId: "562397B8-DF54-4585-81B4-3F89816CC8BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*", matchCriteriaId: "319E6B84-4D6C-45D2-BF5A-8461202C4463", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*", matchCriteriaId: "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*", matchCriteriaId: "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*", matchCriteriaId: "94E70435-5332-48F3-9602-FCA1EFB617BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*", matchCriteriaId: "AC040DA3-91BB-41CD-ADE3-D2AA0537516D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*", matchCriteriaId: "8E71EE09-F2D6-4981-A962-14DAC49A9A45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*", matchCriteriaId: "4709685D-CCF0-4444-99B8-4DC6E3D53A62", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.", }, { lang: "es", value: "Se detectó una vulnerabilidad de redireccionamiento abierto en Zoho ManageEngine ADSelfService Plus versiones 5.x anteriores a 5809, lo que permite a atacantes obligar a usuarios que hacen clic en un enlace diseñado a ser enviados a un sitio externo específico.", }, ], id: "CVE-2019-18781", lastModified: "2024-11-21T04:33:33.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-18T22:15:13.627", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 13:15
Modified
2025-03-27 13:58
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
References
Impacted products
{ cisaActionDue: "2023-03-28", cisaExploitAdd: "2023-03-07", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", matchCriteriaId: "C13EF458-FE95-49E5-9A13-04C96C3F114A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", matchCriteriaId: "12919644-3D85-488C-89A3-58A1FB31279D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*", matchCriteriaId: "75206A94-9155-48D7-A378-5020877B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*", matchCriteriaId: "E50CF265-DE6F-4281-8300-06D54185AA43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*", matchCriteriaId: "EB577C00-1412-4F87-B91A-5E956EB2213F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "4C7681FA-FC15-49CE-9288-3C4E361F4D21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "80F12A94-93C5-4442-8FB3-4E02E4DECCEB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*", matchCriteriaId: "17270CDC-C800-4B5A-BEAA-83AF455BBBEA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*", matchCriteriaId: "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*", matchCriteriaId: "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*", matchCriteriaId: "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*", matchCriteriaId: "2EC89DCA-D24A-46BB-8086-C306BB4CDABD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*", matchCriteriaId: "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*", matchCriteriaId: "E319DA11-0C76-4F52-A197-FFBF4F30BB55", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*", matchCriteriaId: "B928577F-3183-4305-9009-A8C6970477D6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*", matchCriteriaId: "CE6F33B5-418E-4B38-81EB-090E4F3AF89A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6121:*:*:*:*:*:*", matchCriteriaId: "1DD9B2CF-8EBE-454D-8A81-873C0A8ACAA9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus antes de la compilación 6122 permite a un administrador remoto autenticado ejecutar comandos arbitrarios del sistema operativo como SYSTEM a través de la función de script personalizado de la política. Debido al uso de una contraseña de administrador por defecto, los atacantes pueden ser capaces de abusar de esta funcionalidad con un esfuerzo mínimo. Además, un atacante remoto y parcialmente autenticado puede ser capaz de inyectar comandos arbitrarios en el script personalizado debido a un campo de contraseña no saneado", }, ], id: "CVE-2022-28810", lastModified: "2025-03-27T13:58:07.507", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:H/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-04-18T13:15:08.233", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/rapid7/metasploit-framework/pull/16475", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Technical Description", "Third Party Advisory", ], url: "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/rapid7/metasploit-framework/pull/16475", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Technical Description", "Third Party Advisory", ], url: "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-798", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-20 12:15
Modified
2024-11-21 08:08
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/970198175/Simply-use | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/970198175/Simply-use | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", matchCriteriaId: "C13EF458-FE95-49E5-9A13-04C96C3F114A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", matchCriteriaId: "12919644-3D85-488C-89A3-58A1FB31279D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*", matchCriteriaId: "75206A94-9155-48D7-A378-5020877B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*", matchCriteriaId: "E50CF265-DE6F-4281-8300-06D54185AA43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*", matchCriteriaId: "EB577C00-1412-4F87-B91A-5E956EB2213F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "4C7681FA-FC15-49CE-9288-3C4E361F4D21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "80F12A94-93C5-4442-8FB3-4E02E4DECCEB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*", matchCriteriaId: "17270CDC-C800-4B5A-BEAA-83AF455BBBEA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have \"found no evidence or detail of a security vulnerability.\"", }, ], id: "CVE-2023-35854", lastModified: "2024-11-21T08:08:49.827", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-20T12:15:09.690", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/970198175/Simply-use", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/970198175/Simply-use", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.manageengine.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-05 19:15
Modified
2025-02-13 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510:*:*:*:*:*:*", matchCriteriaId: "ADB66864-2B10-4693-89C5-F13AADCAF0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511:*:*:*:*:*:*", matchCriteriaId: "36A2372E-DD10-455D-90C9-C8B5EBA52D36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520:*:*:*:*:*:*", matchCriteriaId: "212A1978-367C-417E-B887-6C957B76578C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522:*:*:*:*:*:*", matchCriteriaId: "1261129B-F0FD-4849-A8D9-9CBD99910FF1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531:*:*:*:*:*:*", matchCriteriaId: "087A729A-A175-4CE5-AF87-510E51125C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540:*:*:*:*:*:*", matchCriteriaId: "EFBB3F80-C322-4015-897D-12736CED3077", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543:*:*:*:*:*:*", matchCriteriaId: "B3D55605-AD61-4D63-BCA9-CAD95020813E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544:*:*:*:*:*:*", matchCriteriaId: "327F7E10-4704-46D9-A82A-8E799181D0DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550:*:*:*:*:*:*", matchCriteriaId: "F515AB67-A302-4A95-BC99-F7F26BA67B44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560:*:*:*:*:*:*", matchCriteriaId: "97E1E2BD-1AE1-4128-84B3-80A5F8D74A4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570:*:*:*:*:*:*", matchCriteriaId: "C8D9FAD8-419D-4489-AAF7-96953CDB595B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571:*:*:*:*:*:*", matchCriteriaId: "04373F72-E36E-4EFD-8215-C6CF44464DF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572:*:*:*:*:*:*", matchCriteriaId: "126040DD-08A6-45B4-8A41-E47DAF8716FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580:*:*:*:*:*:*", matchCriteriaId: "595F8E5F-068B-4526-A76F-D40EADC56135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590:*:*:*:*:*:*", matchCriteriaId: "C8608BDC-21B0-4C4C-9C1E-540FDCA13671", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591:*:*:*:*:*:*", matchCriteriaId: "3AA24300-1217-4DFA-8247-CF1B83B47C1E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592:*:*:*:*:*:*", matchCriteriaId: "AE175D32-95D7-451F-88C0-492B4C827CA2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*", matchCriteriaId: "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*", matchCriteriaId: "DAD07524-564F-4559-9F6D-EB8961380A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*", matchCriteriaId: "76480E2A-FD99-4902-99D3-847136451618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*", matchCriteriaId: "D117C2AE-B396-46AD-9421-23750F9D6CDE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*", matchCriteriaId: "6B9F5FCF-BECA-424C-86C8-4769797AEB3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*", matchCriteriaId: "6A014DF4-0353-4117-927B-C7950D92EEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*", matchCriteriaId: "EC6163AF-1A41-4372-8D9B-985BB338B9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*", matchCriteriaId: "2387D138-C8F5-4DC1-A51E-629F9D96F4ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*", matchCriteriaId: "0504B6B8-AFA0-418E-AA86-057F4FD01466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*", matchCriteriaId: "78CA1BE6-6ACF-42B4-B603-9764A8B81555", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*", matchCriteriaId: "69866794-C599-49F7-8071-789DA3308AF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*", matchCriteriaId: "850DCAC9-D98E-40C1-A748-88E257F09388", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "48B406DA-32D5-4343-B859-FB463B01CFE5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "4523A4D2-1E40-4A14-81D7-820A2C81C90F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*", matchCriteriaId: "F4C03D7C-0EEC-4C66-8705-F69909483048", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*", matchCriteriaId: "9431C11F-E153-4298-8A1B-2CDF677A1428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*", matchCriteriaId: "557B4FD6-B1BD-47B4-87B8-7096B99695B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*", matchCriteriaId: "BE2EF829-DA42-4C87-AB14-B03BD0AFB177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*", matchCriteriaId: "C74D8FDF-04B3-4B03-9110-27683E2329FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*", matchCriteriaId: "5C376A34-DC80-4080-9B53-37D954B6F00F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*", matchCriteriaId: "4613CD78-8A7D-4382-9975-1BE698E6C2CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*", matchCriteriaId: "9F32937B-9B1D-495F-812A-BEBAF3C67540", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*", matchCriteriaId: "5683B22F-54D1-4C53-8378-3500ADB4AD2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "08147E4E-6064-44D6-AF7C-1EB584A7CD60", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*", matchCriteriaId: "E0B110D0-A1BF-486B-A5C4-5927877C1258", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*", matchCriteriaId: "1C52392E-72C9-4F74-AECE-B20C0259E37D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*", matchCriteriaId: "38A4BE4A-B607-483E-AE79-8FF17BEF60B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*", matchCriteriaId: "3B2ABFA6-4506-42F8-B458-9EB83C8312DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*", matchCriteriaId: "B19B98B7-85D3-4D44-9853-1CD69586BF30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5116:*:*:*:*:*:*", matchCriteriaId: "8A012C70-3CD6-46C7-AEE7-9D5763C5AC87", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*", matchCriteriaId: "2EFDF89F-54BE-4D72-B95D-12127D8B35A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*", matchCriteriaId: "E4DD32D9-A0CA-4434-A8CF-121942FDF152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*", matchCriteriaId: "F86FFDB3-B19E-438E-8E5C-6D4994A29B61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*", matchCriteriaId: "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*", matchCriteriaId: "4921142A-2D9F-40BE-9640-44037667FB32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*", matchCriteriaId: "0909BEDE-D384-4719-87C7-4748E70669D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*", matchCriteriaId: "43969BCD-92A9-4181-9BE7-9A370FF0EA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*", matchCriteriaId: "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*", matchCriteriaId: "190837F9-E545-4576-8660-76837BFBA127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*", matchCriteriaId: "6C379810-C027-4443-BA2F-C72A0AFE9074", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*", matchCriteriaId: "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*", matchCriteriaId: "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*", matchCriteriaId: "6191E179-7D42-4D9A-AF78-B87DBC198B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*", matchCriteriaId: "01FC1A37-2AB7-4212-A93A-58021592FF67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*", matchCriteriaId: "96287289-2736-4197-B325-9D58EFDD6A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*", matchCriteriaId: "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*", matchCriteriaId: "E2437FCD-F77F-4103-914C-20C54C3E088A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*", matchCriteriaId: "45F52278-27B0-431E-8FF0-E3A5F68D513D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*", matchCriteriaId: "E231C429-0C6D-4DA6-8D89-DB888493F741", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*", matchCriteriaId: "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*", matchCriteriaId: "999D1D05-D8D7-445E-AAF7-B14769001928", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*", matchCriteriaId: "CC29D099-13A7-48F5-8A8A-6A564B972D98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*", matchCriteriaId: "AFAACD50-F964-48EB-8C71-856501FA5BF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*", matchCriteriaId: "E52DD6D8-DCB5-470E-9F77-653552A5436B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*", matchCriteriaId: "1E41D887-5E33-4D94-9C9C-7385D7D777E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*", matchCriteriaId: "352966E5-E938-4FA4-A41B-2D95C0E233ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*", matchCriteriaId: "2C234A10-9D5A-4C47-92F1-82DA80F5B310", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*", matchCriteriaId: "8E1516F7-D152-4D9C-92D3-4BD68D77475A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*", matchCriteriaId: "BDDFB075-FA1B-47B9-B2EC-80228C20F042", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*", matchCriteriaId: "9A55F076-4CED-4BFC-B87D-A2AE950F78CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*", matchCriteriaId: "50ACF821-D09A-40B9-95A6-BC8DED3460D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*", matchCriteriaId: "E0949C30-651A-4646-B215-38AE86F719F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*", matchCriteriaId: "2DA8E108-49A7-4281-A938-ED1C1E4890B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*", matchCriteriaId: "3B631D21-372B-4B68-B467-F1A5616C5325", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*", matchCriteriaId: "26BC3F05-FC81-45E4-9D23-864C9B9FF47F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*", matchCriteriaId: "1BBF87A7-2A53-418D-BB27-D55B10564894", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*", matchCriteriaId: "9343B338-953B-4E7D-9CD2-00781FFE3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*", matchCriteriaId: "9966E015-590E-4CAD-AEE9-F06E1B34A789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*", matchCriteriaId: "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*", matchCriteriaId: "04BB508C-91EA-43A3-B4AC-A7591801F387", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:-:*:*:*:*:*:*", matchCriteriaId: "7C6C9325-7A0B-4CFF-BBFB-39C1C6F7B0E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "2B71FA9F-0FC4-4D12-B595-AC529878BC7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "0979E79B-936C-4787-8E0A-9F7F43A8A748", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "673E69A8-71BA-49EC-B1AE-931736C6BF42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "141FB02E-695F-484E-8FF6-C334C11F7CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*", matchCriteriaId: "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*", matchCriteriaId: "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*", matchCriteriaId: "942DC320-20A3-4CBF-BF94-390A9163FC02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*", matchCriteriaId: "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*", matchCriteriaId: "600E4C41-B1E1-468D-BA1A-489D0CE5F565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*", matchCriteriaId: "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*", matchCriteriaId: "E41D8FA9-5D9D-4102-B117-40354F847403", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*", matchCriteriaId: "8E620B19-0286-4723-91C4-848B6C453509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*", matchCriteriaId: "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*", matchCriteriaId: "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*", matchCriteriaId: "E7A0FC78-73CE-48CE-BD68-74C095F5B052", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*", matchCriteriaId: "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*", matchCriteriaId: "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*", matchCriteriaId: "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*", matchCriteriaId: "BF029B3F-93BE-44D3-B8E8-65F18A4F6632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*", matchCriteriaId: "C054330B-8344-437B-893F-AD844BCA3CE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*", matchCriteriaId: "CA7A820D-17C3-4F20-B4C4-9068F9594786", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*", matchCriteriaId: "DEA0897C-62CE-401A-B940-4CA47A0BDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*", matchCriteriaId: "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*", matchCriteriaId: "269B1711-8110-4177-8CF2-AD9F1D9E20AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*", matchCriteriaId: "39DFD696-3A7F-4003-9F87-458891B787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*", matchCriteriaId: "C15E39AA-79CE-48A7-9629-AC75EC444B6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*", matchCriteriaId: "2592E246-7208-4CC5-8004-D2AEAB45380C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*", matchCriteriaId: "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*", matchCriteriaId: "41EB109A-9CF3-498C-93B2-07A31D3CB09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*", matchCriteriaId: "FE8675BC-B0AA-4067-B079-FCAE97519B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*", matchCriteriaId: "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "59408AE1-F8C3-48A7-BF31-ABB4173E42D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*", matchCriteriaId: "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*", matchCriteriaId: "82FD8A24-2D01-4D2A-ADDE-51EBCC189332", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*", matchCriteriaId: "3CDD178D-9CE8-4FC9-8388-BB89DC949924", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*", matchCriteriaId: "4F3F2942-54CE-41A9-909B-8D5CE515A7FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*", matchCriteriaId: "996B4FAB-C1FA-42D9-BAB2-EC4CD2394D67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*", matchCriteriaId: "20D1E7EE-8977-4010-AF5D-843A44853363", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*", matchCriteriaId: "09718DA2-31D3-4CC3-B95D-6A8BE6233700", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*", matchCriteriaId: "A217F6ED-BC7F-46B7-9D43-D75A3D416322", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*", matchCriteriaId: "562397B8-DF54-4585-81B4-3F89816CC8BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*", matchCriteriaId: "319E6B84-4D6C-45D2-BF5A-8461202C4463", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*", matchCriteriaId: "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*", matchCriteriaId: "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*", matchCriteriaId: "94E70435-5332-48F3-9602-FCA1EFB617BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*", matchCriteriaId: "AC040DA3-91BB-41CD-ADE3-D2AA0537516D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*", matchCriteriaId: "8E71EE09-F2D6-4981-A962-14DAC49A9A45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*", matchCriteriaId: "4709685D-CCF0-4444-99B8-4DC6E3D53A62", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*", matchCriteriaId: "13599F95-25B2-4C21-8174-DA966A49249B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*", matchCriteriaId: "D2CB6693-492A-4607-9D9C-15C746E12864", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*", matchCriteriaId: "35238419-A73A-4333-9F3D-481FAA1D167C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*", matchCriteriaId: "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*", matchCriteriaId: "4E0B4F11-A1E8-4D21-9707-8639A3040840", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*", matchCriteriaId: "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*", matchCriteriaId: "7F229F49-EA44-4D0A-855B-FC586CE8CFA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*", matchCriteriaId: "07AED2F0-F527-4B4A-82FC-F571899F3738", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*", matchCriteriaId: "86396EFE-E4E1-42DB-A206-9D44B977DB95", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*", matchCriteriaId: "1ECD4B6F-D157-4AA6-A288-AF85ECFE3D5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*", matchCriteriaId: "89042E18-91F4-4EB7-9276-251A94529D36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*", matchCriteriaId: "0215A848-4170-42E0-9711-E9922CE82CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6003:*:*:*:*:*:*", matchCriteriaId: "4E738DAF-2E66-4D0F-9A8E-B988A51E17DE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6004:*:*:*:*:*:*", matchCriteriaId: "A5D87211-8D8F-420A-AAAC-296FCD214CA9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6005:*:*:*:*:*:*", matchCriteriaId: "D8C120A3-C62A-4F39-BB9C-546C7AC57D89", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6006:*:*:*:*:*:*", matchCriteriaId: "301FC0FF-8064-470E-BFAA-CC54078D1044", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6007:*:*:*:*:*:*", matchCriteriaId: "AAAF70B7-53FA-41EF-8558-EAC27EF35AB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6008:*:*:*:*:*:*", matchCriteriaId: "821E2F3D-5B0C-4985-9934-F80E163EC1A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6009:*:*:*:*:*:*", matchCriteriaId: "0FFD43E2-8C28-4423-8660-8C9FC996C339", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6012:*:*:*:*:*:*", matchCriteriaId: "E9497B19-1845-44C5-8868-332DDE6DD1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6013:*:*:*:*:*:*", matchCriteriaId: "C5A5D3A5-E2C6-43A3-9142-F5FE23BCB3E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", matchCriteriaId: "C13EF458-FE95-49E5-9A13-04C96C3F114A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", matchCriteriaId: "12919644-3D85-488C-89A3-58A1FB31279D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*", matchCriteriaId: "75206A94-9155-48D7-A378-5020877B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*", matchCriteriaId: "E50CF265-DE6F-4281-8300-06D54185AA43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*", matchCriteriaId: "EB577C00-1412-4F87-B91A-5E956EB2213F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "4C7681FA-FC15-49CE-9288-3C4E361F4D21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "80F12A94-93C5-4442-8FB3-4E02E4DECCEB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*", matchCriteriaId: "17270CDC-C800-4B5A-BEAA-83AF455BBBEA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*", matchCriteriaId: "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*", matchCriteriaId: "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*", matchCriteriaId: "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*", matchCriteriaId: "2EC89DCA-D24A-46BB-8086-C306BB4CDABD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*", matchCriteriaId: "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*", matchCriteriaId: "E319DA11-0C76-4F52-A197-FFBF4F30BB55", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*", matchCriteriaId: "B928577F-3183-4305-9009-A8C6970477D6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*", matchCriteriaId: "CE6F33B5-418E-4B38-81EB-090E4F3AF89A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6121:*:*:*:*:*:*", matchCriteriaId: "1DD9B2CF-8EBE-454D-8A81-873C0A8ACAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6122:*:*:*:*:*:*", matchCriteriaId: "D3EFB734-E7F3-482E-9A64-DD1A0A6B1E5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6123:*:*:*:*:*:*", matchCriteriaId: "C15CB1F2-9172-48D6-AD64-EFBC97AB87B7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*", matchCriteriaId: "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*", matchCriteriaId: "B1E4E7ED-317B-471D-B387-24BFE504FD48", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*", matchCriteriaId: "1518C214-71A7-4C97-BA40-95D98E0C78BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*", matchCriteriaId: "247ED04D-E067-4A18-8514-9CD635DF4F09", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*", matchCriteriaId: "8AC2C862-7709-44BF-9D0C-1BD63B381001", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*", matchCriteriaId: "1E936706-E1D6-496A-8395-96706AF32F19", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*", matchCriteriaId: "CA25E9BB-DDB9-438C-890A-61264C10BFF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*", matchCriteriaId: "D71FF123-F797-4E0D-8167-DD4563733879", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*", matchCriteriaId: "1156F671-D6BD-4FA2-924F-1802F157A025", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*", matchCriteriaId: "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*", matchCriteriaId: "E870D833-28A7-45E1-9A6B-26A33D66B507", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6211:*:*:*:*:*:*", matchCriteriaId: "D7E0ED07-E432-47FD-A2B5-6F591FF2A64F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6212:*:*:*:*:*:*", matchCriteriaId: "73E7D08E-E2AA-48AE-ABFF-0E46026B47FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6213:*:*:*:*:*:*", matchCriteriaId: "430B78F8-F860-4911-9F7E-710386BF2166", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6214:*:*:*:*:*:*", matchCriteriaId: "E926BB96-B0F6-4FC7-BACE-F658FA63F868", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6215:*:*:*:*:*:*", matchCriteriaId: "F5DC4C8C-41C8-45B2-A077-FB325F80E22F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6216:*:*:*:*:*:*", matchCriteriaId: "FB581F7E-EF4C-4BFF-AA29-1875F0280BF4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6217:*:*:*:*:*:*", matchCriteriaId: "016F55FB-5F14-451F-9F93-479426146925", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.", }, ], id: "CVE-2023-28342", lastModified: "2025-02-13T16:15:41.173", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-05T19:15:09.517", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "https://manageengine.com", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-23 20:15
Modified
2024-11-21 07:12
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7BC9667B-3ECE-4DF8-9C45-95E53736CD68", versionEndExcluding: "6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*", matchCriteriaId: "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*", matchCriteriaId: "B1E4E7ED-317B-471D-B387-24BFE504FD48", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*", matchCriteriaId: "1518C214-71A7-4C97-BA40-95D98E0C78BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*", matchCriteriaId: "247ED04D-E067-4A18-8514-9CD635DF4F09", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*", matchCriteriaId: "8AC2C862-7709-44BF-9D0C-1BD63B381001", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*", matchCriteriaId: "1E936706-E1D6-496A-8395-96706AF32F19", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*", matchCriteriaId: "CA25E9BB-DDB9-438C-890A-61264C10BFF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*", matchCriteriaId: "D71FF123-F797-4E0D-8167-DD4563733879", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*", matchCriteriaId: "1156F671-D6BD-4FA2-924F-1802F157A025", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*", matchCriteriaId: "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*", matchCriteriaId: "E870D833-28A7-45E1-9A6B-26A33D66B507", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6211:*:*:*:*:*:*", matchCriteriaId: "D7E0ED07-E432-47FD-A2B5-6F591FF2A64F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6212:*:*:*:*:*:*", matchCriteriaId: "73E7D08E-E2AA-48AE-ABFF-0E46026B47FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6213:*:*:*:*:*:*", matchCriteriaId: "430B78F8-F860-4911-9F7E-710386BF2166", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6214:*:*:*:*:*:*", matchCriteriaId: "E926BB96-B0F6-4FC7-BACE-F658FA63F868", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6215:*:*:*:*:*:*", matchCriteriaId: "F5DC4C8C-41C8-45B2-A077-FB325F80E22F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6216:*:*:*:*:*:*", matchCriteriaId: "FB581F7E-EF4C-4BFF-AA29-1875F0280BF4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6217:*:*:*:*:*:*", matchCriteriaId: "016F55FB-5F14-451F-9F93-479426146925", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.", }, ], id: "CVE-2022-36413", lastModified: "2024-11-21T07:12:57.873", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-23T20:15:14.313", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-36413.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-36413.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-307", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-03 19:29
Modified
2024-11-21 04:01
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/ | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html#5701 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html#5701 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:4500:*:*:*:*:*:*", matchCriteriaId: "796A4512-DC6E-42A1-9A57-D4F446A9BC34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5032:*:*:*:*:*:*", matchCriteriaId: "4C202C90-B792-4E0C-B7A9-C06FDB7C30DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5040:*:*:*:*:*:*", matchCriteriaId: "42F19FC5-6C75-458A-9B90-376D0D1B0C59", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5041:*:*:*:*:*:*", matchCriteriaId: "6DC23258-D431-40C0-9853-E08D36A225FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5100:*:*:*:*:*:*", matchCriteriaId: "D8AF9E70-E4F7-4BB1-9D49-33633AB9CE82", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5101:*:*:*:*:*:*", matchCriteriaId: "D1174A0E-EFA2-4FAA-B42A-A0D4FAAD592D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5102:*:*:*:*:*:*", matchCriteriaId: "A99912DA-82E6-4FD6-8916-635637941335", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5103:*:*:*:*:*:*", matchCriteriaId: "FC5FA48C-6B99-4B80-9256-694BD4174557", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5104:*:*:*:*:*:*", matchCriteriaId: "6D860882-A106-4771-87DF-9ADE482F41DD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5105:*:*:*:*:*:*", matchCriteriaId: "0DD127BF-200A-45F5-9357-5024C76E7B12", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5106:*:*:*:*:*:*", matchCriteriaId: "8D2143C4-D4A0-4AE5-86D2-D3DEFD27C9E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5107:*:*:*:*:*:*", matchCriteriaId: "1745145D-493D-4181-B011-46490BBF5A7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5108:*:*:*:*:*:*", matchCriteriaId: "8A9605CA-8368-47D1-964A-684E099212D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5109:*:*:*:*:*:*", matchCriteriaId: "109303F0-F6C6-4BC7-9011-BAAD6B1D043E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5110:*:*:*:*:*:*", matchCriteriaId: "39BC2BEF-89B7-48F0-BAFC-26B1DE0E7EB4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5111:*:*:*:*:*:*", matchCriteriaId: "BA12CCBE-5C43-4FF8-A9A5-63B91AA14C2F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5112:*:*:*:*:*:*", matchCriteriaId: "270B44CA-F153-4EF8-8E0B-276E80C8ADB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5113:*:*:*:*:*:*", matchCriteriaId: "6EC9A6C6-3D3E-411F-89EF-CAFCF66D8222", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5114:*:*:*:*:*:*", matchCriteriaId: "CD55F212-950A-4421-9C73-80287647719F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5115:*:*:*:*:*:*", matchCriteriaId: "61E19A98-DF1A-44B0-AB69-6822F9110FE7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5116:*:*:*:*:*:*", matchCriteriaId: "7AA56B14-E4B5-4373-81F3-ECFD30DC897B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5200:*:*:*:*:*:*", matchCriteriaId: "77F2C9F3-67ED-4337-9EC8-A164ADCBFB5B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5201:*:*:*:*:*:*", matchCriteriaId: "DE73451C-7289-4832-84A7-1A9D8CFE5EF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5202:*:*:*:*:*:*", matchCriteriaId: "74AB64C4-625A-4369-8F16-3145B85A5DB5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5203:*:*:*:*:*:*", matchCriteriaId: "5C8E8A1A-AA00-48AC-BB5F-59DA174A4F71", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5204:*:*:*:*:*:*", matchCriteriaId: "797C805C-68D4-4B5A-8AD8-C2036692C616", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5205:*:*:*:*:*:*", matchCriteriaId: "50D245E8-5719-41B6-95C0-A2CACE88676D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5206:*:*:*:*:*:*", matchCriteriaId: "809A4666-41E7-48B8-A9FA-A24A71EC5A1A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5207:*:*:*:*:*:*", matchCriteriaId: "6BEADFCD-8A32-4D59-908A-37E9E3A52E49", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5300:*:*:*:*:*:*", matchCriteriaId: "28409900-B268-437E-B474-1CDF7C654161", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5301:*:*:*:*:*:*", matchCriteriaId: "E4A44B27-87F1-47F2-8596-663C63F4C1DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5302:*:*:*:*:*:*", matchCriteriaId: "7ACD689D-709B-471F-9C86-66E22E91DBCA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5303:*:*:*:*:*:*", matchCriteriaId: "749731D7-2431-4DBC-9E76-4BFB8F8C57C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5304:*:*:*:*:*:*", matchCriteriaId: "5B0B3278-EE00-40F5-8372-9AFA6F44B765", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5305:*:*:*:*:*:*", matchCriteriaId: "916DEBE1-C3AB-415B-9463-1A4253F609C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5306:*:*:*:*:*:*", matchCriteriaId: "5CFBBCCD-7625-4C73-AFCA-924DFAC48BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5307:*:*:*:*:*:*", matchCriteriaId: "FA24BDA1-675D-45E2-A0F8-041CC6DF1D39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5308:*:*:*:*:*:*", matchCriteriaId: "CE4EA03B-33D0-4057-A80C-4AF69D22FF38", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5309:*:*:*:*:*:*", matchCriteriaId: "0BA96538-C2F8-42C2-AF49-55B7D216B17B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5310:*:*:*:*:*:*", matchCriteriaId: "D9227C12-AFD7-4481-8495-998F9AB4E668", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5311:*:*:*:*:*:*", matchCriteriaId: "17755902-5421-45C1-8952-70771E8C79A7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5312:*:*:*:*:*:*", matchCriteriaId: "CA16BF41-2F02-422A-A92F-40EA8BF7A75F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5313:*:*:*:*:*:*", matchCriteriaId: "54C11E83-F0BA-4C47-875E-7CFEC447728E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5314:*:*:*:*:*:*", matchCriteriaId: "DDF73A07-905D-4F26-848B-84C3A9F1630C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5315:*:*:*:*:*:*", matchCriteriaId: "5EE92704-67CE-4D3A-97D1-BEAB1CFFC70C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5316:*:*:*:*:*:*", matchCriteriaId: "ABFB14B0-F81C-4C7A-B1EF-EF8C4D779576", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5317:*:*:*:*:*:*", matchCriteriaId: "219F3924-899B-4D14-90FF-E1F8B8A6B5F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5318:*:*:*:*:*:*", matchCriteriaId: "4C222551-E231-43E3-98BD-773FDB68D589", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5319:*:*:*:*:*:*", matchCriteriaId: "DAD582DE-6811-4D78-899C-933D1D409EF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5320:*:*:*:*:*:*", matchCriteriaId: "7D7BF363-19F5-4655-9A8C-AFF535AF0558", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5321:*:*:*:*:*:*", matchCriteriaId: "962CABE0-C8AF-4C2F-81D7-12D232C390F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5322:*:*:*:*:*:*", matchCriteriaId: "613D8FD3-7086-4E59-A012-884A094BAD6D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5323:*:*:*:*:*:*", matchCriteriaId: "7D14A1B5-95A8-4F62-B06A-8BA4641CC35E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5324:*:*:*:*:*:*", matchCriteriaId: "F3C27B95-B5AB-4BBD-9701-85560CC020CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5325:*:*:*:*:*:*", matchCriteriaId: "7B46B8A8-2C90-44C8-A5C9-186593D0A556", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5326:*:*:*:*:*:*", matchCriteriaId: "2CA0E58E-2535-422A-AF35-3EF017792570", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5327:*:*:*:*:*:*", matchCriteriaId: "8CC89F07-DD8C-4DD9-BE80-D9DA689A4D19", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5328:*:*:*:*:*:*", matchCriteriaId: "AD53F8D8-34A0-46F0-9AC9-EF088B4C9AB5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5329:*:*:*:*:*:*", matchCriteriaId: "A9B6BA8A-8709-4E8E-A42E-85B0E99818E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5330:*:*:*:*:*:*", matchCriteriaId: "B0F00049-CA99-4A6B-B347-78768BF19DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5400:*:*:*:*:*:*", matchCriteriaId: "30A10B00-E8DD-445D-AFC3-DC7DAF42724F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5500:*:*:*:*:*:*", matchCriteriaId: "CBEEB6C7-764D-4012-9656-FC76F43A53EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5501:*:*:*:*:*:*", matchCriteriaId: "86F5057B-4DFA-43A0-B604-9CACEEE926E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5502:*:*:*:*:*:*", matchCriteriaId: "5EF382C0-392B-4DA9-AFA2-3CD933615E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5503:*:*:*:*:*:*", matchCriteriaId: "78019D71-4598-4095-AAF4-13DCD93F842F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5504:*:*:*:*:*:*", matchCriteriaId: "3C6F69D0-1595-42E9-B812-63C133965E16", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5505:*:*:*:*:*:*", matchCriteriaId: "30D743E2-FE10-43BB-9514-4581F33F2C34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5506:*:*:*:*:*:*", matchCriteriaId: "D4639A68-BAA3-4669-B2F1-AD381A25464D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5507:*:*:*:*:*:*", matchCriteriaId: "DF69BD50-A3B7-4C9C-83ED-088EBB977F0A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5508:*:*:*:*:*:*", matchCriteriaId: "0313F401-85DC-4DF0-AEAD-A8D6885902CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5509:*:*:*:*:*:*", matchCriteriaId: "924F6A44-0E30-46A9-990E-DA44AA61C012", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5510:*:*:*:*:*:*", matchCriteriaId: "C514F02D-DB00-4B05-A53C-A13310FE9E4A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5511:*:*:*:*:*:*", matchCriteriaId: "D013876C-9433-4576-84B5-464649CC8199", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5512:*:*:*:*:*:*", matchCriteriaId: "8DFA286F-0C4E-4C56-8FFB-15481594FE42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5513:*:*:*:*:*:*", matchCriteriaId: "D86056BB-3CF4-4C8A-B685-1E88E25429F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5514:*:*:*:*:*:*", matchCriteriaId: "BDE0C598-57A7-4EEF-A98C-44B871955BC1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5515:*:*:*:*:*:*", matchCriteriaId: "C6F752FD-8B2C-4636-B7DD-343D2DEDE7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5516:*:*:*:*:*:*", matchCriteriaId: "B435C1CA-2DD6-4DC7-B7B1-9B232EA5CFC3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5517:*:*:*:*:*:*", matchCriteriaId: "48A77EA0-C382-4A81-9EE3-48F7AC8AFEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5518:*:*:*:*:*:*", matchCriteriaId: "48907141-7B99-4D1A-955D-7E98B46E5A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5519:*:*:*:*:*:*", matchCriteriaId: "C894A206-F09A-4D6A-9675-618CD8FEFD08", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5520:*:*:*:*:*:*", matchCriteriaId: "52028275-3CFA-4AB0-8013-018FF88C11B0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5521:*:*:*:*:*:*", matchCriteriaId: "2864B47E-79C8-4FE4-97E5-3C85C926CA21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5600:*:*:*:*:*:*", matchCriteriaId: "627B72C4-8311-414D-AA55-EC5F71794F58", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5601:*:*:*:*:*:*", matchCriteriaId: "74839837-94FC-4A6F-8DE2-358A7AD28D28", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5602:*:*:*:*:*:*", matchCriteriaId: "66B9BB15-FA78-4C05-8670-610DD790FF75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5603:*:*:*:*:*:*", matchCriteriaId: "166217A8-C306-4C79-A33F-D45032F2D1E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5604:*:*:*:*:*:*", matchCriteriaId: "EFC0E47A-8807-441D-BEFA-1E9A71EDA7C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5605:*:*:*:*:*:*", matchCriteriaId: "06395B41-9538-42FF-8ADB-E750F5C5B2C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5606:*:*:*:*:*:*", matchCriteriaId: "0DF7379A-F56E-4A2D-8099-2C0E72B8ACA9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*", matchCriteriaId: "FE8675BC-B0AA-4067-B079-FCAE97519B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus, en sus versiones 5.x antes del build 5701, tiene XEE (XML External Entity) mediante una licencia de producto subida.", }, ], id: "CVE-2018-20664", lastModified: "2024-11-21T04:01:57.493", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-03T19:29:01.680", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5701", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5701", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-30 19:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-37416/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-37416/ | Release Notes, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones 6103 y anteriores, es vulnerable a un ataque de tipo XSS reflejado en la página loadframe.", }, ], id: "CVE-2021-37416", lastModified: "2024-11-21T06:15:07.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-30T19:15:08.967", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37416/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37416/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-04 14:15
Modified
2024-11-21 04:58
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7380E0EF-684C-487E-B343-672248D8642E", versionEndIncluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*", matchCriteriaId: "09718DA2-31D3-4CC3-B95D-6A8BE6233700", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*", matchCriteriaId: "A217F6ED-BC7F-46B7-9D43-D75A3D416322", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*", matchCriteriaId: "562397B8-DF54-4585-81B4-3F89816CC8BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*", matchCriteriaId: "319E6B84-4D6C-45D2-BF5A-8461202C4463", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*", matchCriteriaId: "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*", matchCriteriaId: "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*", matchCriteriaId: "94E70435-5332-48F3-9602-FCA1EFB617BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*", matchCriteriaId: "AC040DA3-91BB-41CD-ADE3-D2AA0537516D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*", matchCriteriaId: "8E71EE09-F2D6-4981-A962-14DAC49A9A45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*", matchCriteriaId: "4709685D-CCF0-4444-99B8-4DC6E3D53A62", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*", matchCriteriaId: "13599F95-25B2-4C21-8174-DA966A49249B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*", matchCriteriaId: "D2CB6693-492A-4607-9D9C-15C746E12864", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*", matchCriteriaId: "35238419-A73A-4333-9F3D-481FAA1D167C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*", matchCriteriaId: "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*", matchCriteriaId: "4E0B4F11-A1E8-4D21-9707-8639A3040840", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*", matchCriteriaId: "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones anteriores a 5815, permite una ejecución de código remota no autenticada.", }, ], id: "CVE-2020-11518", lastModified: "2024-11-21T04:58:03.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-04T14:15:11.707", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-19 19:15
Modified
2024-11-21 05:57
Severity ?
Summary
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*", matchCriteriaId: "86396EFE-E4E1-42DB-A206-9D44B977DB95", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*", matchCriteriaId: "1ECD4B6F-D157-4AA6-A288-AF85ECFE3D5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*", matchCriteriaId: "89042E18-91F4-4EB7-9276-251A94529D36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*", matchCriteriaId: "0215A848-4170-42E0-9711-E9922CE82CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6003:*:*:*:*:*:*", matchCriteriaId: "4E738DAF-2E66-4D0F-9A8E-B988A51E17DE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6004:*:*:*:*:*:*", matchCriteriaId: "A5D87211-8D8F-420A-AAAC-296FCD214CA9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6005:*:*:*:*:*:*", matchCriteriaId: "D8C120A3-C62A-4F39-BB9C-546C7AC57D89", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6006:*:*:*:*:*:*", matchCriteriaId: "301FC0FF-8064-470E-BFAA-CC54078D1044", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6007:*:*:*:*:*:*", matchCriteriaId: "AAAF70B7-53FA-41EF-8558-EAC27EF35AB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6008:*:*:*:*:*:*", matchCriteriaId: "821E2F3D-5B0C-4985-9934-F80E163EC1A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6009:*:*:*:*:*:*", matchCriteriaId: "0FFD43E2-8C28-4423-8660-8C9FC996C339", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6012:*:*:*:*:*:*", matchCriteriaId: "E9497B19-1845-44C5-8868-332DDE6DD1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6013:*:*:*:*:*:*", matchCriteriaId: "C5A5D3A5-E2C6-43A3-9142-F5FE23BCB3E1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.", }, { lang: "es", value: "Una vulnerabilidad de tipo Server-side request forgery (SSRF) en el servlet ProductConfig en Zoho ManageEngine ADSelfService Plus versiones hasta 6013, permite a un atacante remoto no autenticado realizar peticiones HTTP ciegas o realizar un ataque de tipo Cross-site scripting (XSS) contra la interfaz administrativa por medio de una petición HTTP, una vulnerabilidad diferente a CVE-2019-3905", }, ], id: "CVE-2021-27214", lastModified: "2024-11-21T05:57:36.590", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-19T19:15:12.567", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-27 18:15
Modified
2024-11-27 16:25
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "0B9A77AF-9D42-42A2-84F3-4307E46D917F", versionEndExcluding: "6.4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400:*:*:*:*:*:*", matchCriteriaId: "0FCE8818-79BB-41F7-9D2E-43FEE698B325", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.", }, { lang: "es", value: "Las versiones de Zoho ManageEngine ADSelfService Plus inferiores a 6401 son vulnerables al ataque de DOS debido a la consulta LDAP maliciosa.", }, ], id: "CVE-2024-27310", lastModified: "2024-11-27T16:25:10.307", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "0fc0942c-577d-436f-ae8e-945763c79b02", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-27T18:15:09.693", references: [ { source: "0fc0942c-577d-436f-ae8e-945763c79b02", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html", }, ], sourceIdentifier: "0fc0942c-577d-436f-ae8e-945763c79b02", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-90", }, ], source: "0fc0942c-577d-436f-ae8e-945763c79b02", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-10 15:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", matchCriteriaId: "C13EF458-FE95-49E5-9A13-04C96C3F114A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", matchCriteriaId: "12919644-3D85-488C-89A3-58A1FB31279D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*", matchCriteriaId: "75206A94-9155-48D7-A378-5020877B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*", matchCriteriaId: "E50CF265-DE6F-4281-8300-06D54185AA43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*", matchCriteriaId: "EB577C00-1412-4F87-B91A-5E956EB2213F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "4C7681FA-FC15-49CE-9288-3C4E361F4D21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "80F12A94-93C5-4442-8FB3-4E02E4DECCEB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones 6111 y anteriores, son vulnerables a una toma de posesión de aplicaciones vinculadas", }, ], id: "CVE-2021-37423", lastModified: "2024-11-21T06:15:08.117", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-10T15:15:12.007", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-02-17 18:00
Modified
2024-11-21 01:18
Severity ?
Summary
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "40A75087-E063-4DDE-8C0A-296A2F3A29FD", versionEndIncluding: "4.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.", }, { lang: "es", value: "accounts/ValidateAnswers en la implementación de seguridad-preguntas en Zoho ManageEngine ADSelfService Plus anterior a v4.5 Build 4500 facilita a los atacantes remotos restablecer las contraseñas de usuario, y en consecuencia obtener acceso a cuentas de usuario arbitrarias, a través de una modificación de los parámetros (1) Hide_Captcha o (2) quesList en una acción validateAll.", }, ], id: "CVE-2010-3272", lastModified: "2024-11-21T01:18:24.727", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-02-17T18:00:02.120", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/43241", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/8089", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/70870", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/46331", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/43241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/8089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/70870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/46331", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-07 22:15
Modified
2024-11-21 06:50
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://manageengine.com | Product | |
| cve@mitre.org | https://raxis.com/blog/cve-2022-24681 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://raxis.com/blog/cve-2022-24681 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", matchCriteriaId: "C13EF458-FE95-49E5-9A13-04C96C3F114A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", matchCriteriaId: "12919644-3D85-488C-89A3-58A1FB31279D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*", matchCriteriaId: "75206A94-9155-48D7-A378-5020877B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*", matchCriteriaId: "E50CF265-DE6F-4281-8300-06D54185AA43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*", matchCriteriaId: "EB577C00-1412-4F87-B91A-5E956EB2213F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "4C7681FA-FC15-49CE-9288-3C4E361F4D21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "80F12A94-93C5-4442-8FB3-4E02E4DECCEB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*", matchCriteriaId: "17270CDC-C800-4B5A-BEAA-83AF455BBBEA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*", matchCriteriaId: "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*", matchCriteriaId: "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*", matchCriteriaId: "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*", matchCriteriaId: "2EC89DCA-D24A-46BB-8086-C306BB4CDABD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*", matchCriteriaId: "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*", matchCriteriaId: "E319DA11-0C76-4F52-A197-FFBF4F30BB55", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*", matchCriteriaId: "B928577F-3183-4305-9009-A8C6970477D6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*", matchCriteriaId: "CE6F33B5-418E-4B38-81EB-090E4F3AF89A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6121, permite un ataque de tipo XSS por medio del atributo welcome name en la pantalla Reset Password, Unlock Account, o User Must Change Password", }, ], id: "CVE-2022-24681", lastModified: "2024-11-21T06:50:51.707", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-07T22:15:07.807", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "https://manageengine.com", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://raxis.com/blog/cve-2022-24681", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://raxis.com/blog/cve-2022-24681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:47
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/ | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Patch, Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*", matchCriteriaId: "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*", matchCriteriaId: "DAD07524-564F-4559-9F6D-EB8961380A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*", matchCriteriaId: "76480E2A-FD99-4902-99D3-847136451618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*", matchCriteriaId: "D117C2AE-B396-46AD-9421-23750F9D6CDE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*", matchCriteriaId: "6B9F5FCF-BECA-424C-86C8-4769797AEB3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*", matchCriteriaId: "6A014DF4-0353-4117-927B-C7950D92EEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*", matchCriteriaId: "EC6163AF-1A41-4372-8D9B-985BB338B9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*", matchCriteriaId: "2387D138-C8F5-4DC1-A51E-629F9D96F4ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*", matchCriteriaId: "0504B6B8-AFA0-418E-AA86-057F4FD01466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*", matchCriteriaId: "78CA1BE6-6ACF-42B4-B603-9764A8B81555", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*", matchCriteriaId: "69866794-C599-49F7-8071-789DA3308AF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*", matchCriteriaId: "850DCAC9-D98E-40C1-A748-88E257F09388", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "4523A4D2-1E40-4A14-81D7-820A2C81C90F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*", matchCriteriaId: "F4C03D7C-0EEC-4C66-8705-F69909483048", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*", matchCriteriaId: "9431C11F-E153-4298-8A1B-2CDF677A1428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*", matchCriteriaId: "557B4FD6-B1BD-47B4-87B8-7096B99695B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*", matchCriteriaId: "BE2EF829-DA42-4C87-AB14-B03BD0AFB177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*", matchCriteriaId: "C74D8FDF-04B3-4B03-9110-27683E2329FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*", matchCriteriaId: "5C376A34-DC80-4080-9B53-37D954B6F00F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*", matchCriteriaId: "4613CD78-8A7D-4382-9975-1BE698E6C2CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*", matchCriteriaId: "9F32937B-9B1D-495F-812A-BEBAF3C67540", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*", matchCriteriaId: "5683B22F-54D1-4C53-8378-3500ADB4AD2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "08147E4E-6064-44D6-AF7C-1EB584A7CD60", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*", matchCriteriaId: "E0B110D0-A1BF-486B-A5C4-5927877C1258", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*", matchCriteriaId: "1C52392E-72C9-4F74-AECE-B20C0259E37D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*", matchCriteriaId: "38A4BE4A-B607-483E-AE79-8FF17BEF60B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*", matchCriteriaId: "3B2ABFA6-4506-42F8-B458-9EB83C8312DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*", matchCriteriaId: "B19B98B7-85D3-4D44-9853-1CD69586BF30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*", matchCriteriaId: "2EFDF89F-54BE-4D72-B95D-12127D8B35A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*", matchCriteriaId: "E4DD32D9-A0CA-4434-A8CF-121942FDF152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*", matchCriteriaId: "F86FFDB3-B19E-438E-8E5C-6D4994A29B61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*", matchCriteriaId: "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*", matchCriteriaId: "4921142A-2D9F-40BE-9640-44037667FB32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*", matchCriteriaId: "0909BEDE-D384-4719-87C7-4748E70669D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*", matchCriteriaId: "43969BCD-92A9-4181-9BE7-9A370FF0EA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*", matchCriteriaId: "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*", matchCriteriaId: "190837F9-E545-4576-8660-76837BFBA127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*", matchCriteriaId: "6C379810-C027-4443-BA2F-C72A0AFE9074", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*", matchCriteriaId: "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*", matchCriteriaId: "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*", matchCriteriaId: "6191E179-7D42-4D9A-AF78-B87DBC198B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*", matchCriteriaId: "01FC1A37-2AB7-4212-A93A-58021592FF67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*", matchCriteriaId: "96287289-2736-4197-B325-9D58EFDD6A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*", matchCriteriaId: "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*", matchCriteriaId: "E2437FCD-F77F-4103-914C-20C54C3E088A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*", matchCriteriaId: "45F52278-27B0-431E-8FF0-E3A5F68D513D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*", matchCriteriaId: "E231C429-0C6D-4DA6-8D89-DB888493F741", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*", matchCriteriaId: "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*", matchCriteriaId: "999D1D05-D8D7-445E-AAF7-B14769001928", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*", matchCriteriaId: "CC29D099-13A7-48F5-8A8A-6A564B972D98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*", matchCriteriaId: "AFAACD50-F964-48EB-8C71-856501FA5BF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*", matchCriteriaId: "E52DD6D8-DCB5-470E-9F77-653552A5436B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*", matchCriteriaId: "1E41D887-5E33-4D94-9C9C-7385D7D777E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*", matchCriteriaId: "352966E5-E938-4FA4-A41B-2D95C0E233ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*", matchCriteriaId: "2C234A10-9D5A-4C47-92F1-82DA80F5B310", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*", matchCriteriaId: "8E1516F7-D152-4D9C-92D3-4BD68D77475A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*", matchCriteriaId: "BDDFB075-FA1B-47B9-B2EC-80228C20F042", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*", matchCriteriaId: "9A55F076-4CED-4BFC-B87D-A2AE950F78CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*", matchCriteriaId: "50ACF821-D09A-40B9-95A6-BC8DED3460D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*", matchCriteriaId: "E0949C30-651A-4646-B215-38AE86F719F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*", matchCriteriaId: "2DA8E108-49A7-4281-A938-ED1C1E4890B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*", matchCriteriaId: "3B631D21-372B-4B68-B467-F1A5616C5325", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*", matchCriteriaId: "26BC3F05-FC81-45E4-9D23-864C9B9FF47F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*", matchCriteriaId: "1BBF87A7-2A53-418D-BB27-D55B10564894", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*", matchCriteriaId: "9343B338-953B-4E7D-9CD2-00781FFE3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*", matchCriteriaId: "9966E015-590E-4CAD-AEE9-F06E1B34A789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*", matchCriteriaId: "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*", matchCriteriaId: "04BB508C-91EA-43A3-B4AC-A7591801F387", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "2B71FA9F-0FC4-4D12-B595-AC529878BC7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "0979E79B-936C-4787-8E0A-9F7F43A8A748", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "673E69A8-71BA-49EC-B1AE-931736C6BF42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "141FB02E-695F-484E-8FF6-C334C11F7CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*", matchCriteriaId: "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*", matchCriteriaId: "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*", matchCriteriaId: "942DC320-20A3-4CBF-BF94-390A9163FC02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*", matchCriteriaId: "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*", matchCriteriaId: "600E4C41-B1E1-468D-BA1A-489D0CE5F565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*", matchCriteriaId: "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*", matchCriteriaId: "E41D8FA9-5D9D-4102-B117-40354F847403", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*", matchCriteriaId: "8E620B19-0286-4723-91C4-848B6C453509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*", matchCriteriaId: "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*", matchCriteriaId: "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*", matchCriteriaId: "E7A0FC78-73CE-48CE-BD68-74C095F5B052", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*", matchCriteriaId: "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*", matchCriteriaId: "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*", matchCriteriaId: "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*", matchCriteriaId: "BF029B3F-93BE-44D3-B8E8-65F18A4F6632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*", matchCriteriaId: "C054330B-8344-437B-893F-AD844BCA3CE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*", matchCriteriaId: "CA7A820D-17C3-4F20-B4C4-9068F9594786", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*", matchCriteriaId: "DEA0897C-62CE-401A-B940-4CA47A0BDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*", matchCriteriaId: "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*", matchCriteriaId: "269B1711-8110-4177-8CF2-AD9F1D9E20AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*", matchCriteriaId: "39DFD696-3A7F-4003-9F87-458891B787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*", matchCriteriaId: "C15E39AA-79CE-48A7-9629-AC75EC444B6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*", matchCriteriaId: "2592E246-7208-4CC5-8004-D2AEAB45380C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*", matchCriteriaId: "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*", matchCriteriaId: "41EB109A-9CF3-498C-93B2-07A31D3CB09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*", matchCriteriaId: "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "59408AE1-F8C3-48A7-BF31-ABB4173E42D7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.", }, { lang: "es", value: "Se ha descubierto un problema en Zoho ManageEngine ADSelfService Plus, en versiones 5.x hasta la Build 5704. Emplea claves de cifrado fijas para proteger la información, otorgando a un atacante la capacidad de descifrar cualquier dato protegido.", }, ], id: "CVE-2019-7161", lastModified: "2024-11-21T04:47:41.527", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-21T16:01:10.780", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-17 18:15
Modified
2024-11-21 04:22
Severity ?
Summary
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "6A44531A-3F42-4D1A-AE4A-BE43BDA5BD0F", versionEndExcluding: "5.0.6", versionStartIncluding: "4.3.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.", }, { lang: "es", value: "Una vulnerabilidad de omisión de identificación en la funcionalidad de restablecimiento de contraseña en Zoho ManageEngine ADSelfService Plus antes de la versión 5.0.6 permite a un atacante con acceso físico obtener una shell con privilegios de SISTEMA a través del navegador restringido de clientes densos. El ataque usa una larga secuencia de entradas de teclado creadas.", }, ], id: "CVE-2019-12476", lastModified: "2024-11-21T04:22:56.280", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-17T18:15:10.907", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/108813", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/0katz/CVE-2019-12476", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/108813", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/0katz/CVE-2019-12476", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-640", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-25 12:15
Modified
2024-11-21 06:00
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510:*:*:*:*:*:*", matchCriteriaId: "ADB66864-2B10-4693-89C5-F13AADCAF0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511:*:*:*:*:*:*", matchCriteriaId: "36A2372E-DD10-455D-90C9-C8B5EBA52D36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520:*:*:*:*:*:*", matchCriteriaId: "212A1978-367C-417E-B887-6C957B76578C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522:*:*:*:*:*:*", matchCriteriaId: "1261129B-F0FD-4849-A8D9-9CBD99910FF1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531:*:*:*:*:*:*", matchCriteriaId: "087A729A-A175-4CE5-AF87-510E51125C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540:*:*:*:*:*:*", matchCriteriaId: "EFBB3F80-C322-4015-897D-12736CED3077", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543:*:*:*:*:*:*", matchCriteriaId: "B3D55605-AD61-4D63-BCA9-CAD95020813E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544:*:*:*:*:*:*", matchCriteriaId: "327F7E10-4704-46D9-A82A-8E799181D0DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550:*:*:*:*:*:*", matchCriteriaId: "F515AB67-A302-4A95-BC99-F7F26BA67B44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560:*:*:*:*:*:*", matchCriteriaId: "97E1E2BD-1AE1-4128-84B3-80A5F8D74A4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570:*:*:*:*:*:*", matchCriteriaId: "C8D9FAD8-419D-4489-AAF7-96953CDB595B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571:*:*:*:*:*:*", matchCriteriaId: "04373F72-E36E-4EFD-8215-C6CF44464DF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572:*:*:*:*:*:*", matchCriteriaId: "126040DD-08A6-45B4-8A41-E47DAF8716FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580:*:*:*:*:*:*", matchCriteriaId: "595F8E5F-068B-4526-A76F-D40EADC56135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590:*:*:*:*:*:*", matchCriteriaId: "C8608BDC-21B0-4C4C-9C1E-540FDCA13671", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591:*:*:*:*:*:*", matchCriteriaId: "3AA24300-1217-4DFA-8247-CF1B83B47C1E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592:*:*:*:*:*:*", matchCriteriaId: "AE175D32-95D7-451F-88C0-492B4C827CA2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*", matchCriteriaId: "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*", matchCriteriaId: "DAD07524-564F-4559-9F6D-EB8961380A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*", matchCriteriaId: "76480E2A-FD99-4902-99D3-847136451618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*", matchCriteriaId: "D117C2AE-B396-46AD-9421-23750F9D6CDE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*", matchCriteriaId: "6B9F5FCF-BECA-424C-86C8-4769797AEB3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*", matchCriteriaId: "6A014DF4-0353-4117-927B-C7950D92EEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*", matchCriteriaId: "EC6163AF-1A41-4372-8D9B-985BB338B9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*", matchCriteriaId: "2387D138-C8F5-4DC1-A51E-629F9D96F4ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*", matchCriteriaId: "0504B6B8-AFA0-418E-AA86-057F4FD01466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*", matchCriteriaId: "78CA1BE6-6ACF-42B4-B603-9764A8B81555", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*", matchCriteriaId: "69866794-C599-49F7-8071-789DA3308AF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*", matchCriteriaId: "850DCAC9-D98E-40C1-A748-88E257F09388", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "48B406DA-32D5-4343-B859-FB463B01CFE5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "4523A4D2-1E40-4A14-81D7-820A2C81C90F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*", matchCriteriaId: "F4C03D7C-0EEC-4C66-8705-F69909483048", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*", matchCriteriaId: "9431C11F-E153-4298-8A1B-2CDF677A1428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*", matchCriteriaId: "557B4FD6-B1BD-47B4-87B8-7096B99695B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*", matchCriteriaId: "BE2EF829-DA42-4C87-AB14-B03BD0AFB177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*", matchCriteriaId: "C74D8FDF-04B3-4B03-9110-27683E2329FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*", matchCriteriaId: "5C376A34-DC80-4080-9B53-37D954B6F00F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*", matchCriteriaId: "4613CD78-8A7D-4382-9975-1BE698E6C2CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*", matchCriteriaId: "9F32937B-9B1D-495F-812A-BEBAF3C67540", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*", matchCriteriaId: "5683B22F-54D1-4C53-8378-3500ADB4AD2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "08147E4E-6064-44D6-AF7C-1EB584A7CD60", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*", matchCriteriaId: "E0B110D0-A1BF-486B-A5C4-5927877C1258", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*", matchCriteriaId: "1C52392E-72C9-4F74-AECE-B20C0259E37D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*", matchCriteriaId: "38A4BE4A-B607-483E-AE79-8FF17BEF60B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*", matchCriteriaId: "3B2ABFA6-4506-42F8-B458-9EB83C8312DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*", matchCriteriaId: "B19B98B7-85D3-4D44-9853-1CD69586BF30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5116:*:*:*:*:*:*", matchCriteriaId: "8A012C70-3CD6-46C7-AEE7-9D5763C5AC87", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*", matchCriteriaId: "2EFDF89F-54BE-4D72-B95D-12127D8B35A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*", matchCriteriaId: "E4DD32D9-A0CA-4434-A8CF-121942FDF152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*", matchCriteriaId: "F86FFDB3-B19E-438E-8E5C-6D4994A29B61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*", matchCriteriaId: "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*", matchCriteriaId: "4921142A-2D9F-40BE-9640-44037667FB32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*", matchCriteriaId: "0909BEDE-D384-4719-87C7-4748E70669D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*", matchCriteriaId: "43969BCD-92A9-4181-9BE7-9A370FF0EA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*", matchCriteriaId: "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*", matchCriteriaId: "190837F9-E545-4576-8660-76837BFBA127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*", matchCriteriaId: "6C379810-C027-4443-BA2F-C72A0AFE9074", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*", matchCriteriaId: "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*", matchCriteriaId: "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*", matchCriteriaId: "6191E179-7D42-4D9A-AF78-B87DBC198B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*", matchCriteriaId: "01FC1A37-2AB7-4212-A93A-58021592FF67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*", matchCriteriaId: "96287289-2736-4197-B325-9D58EFDD6A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*", matchCriteriaId: "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*", matchCriteriaId: "E2437FCD-F77F-4103-914C-20C54C3E088A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*", matchCriteriaId: "45F52278-27B0-431E-8FF0-E3A5F68D513D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*", matchCriteriaId: "E231C429-0C6D-4DA6-8D89-DB888493F741", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*", matchCriteriaId: "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*", matchCriteriaId: "999D1D05-D8D7-445E-AAF7-B14769001928", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*", matchCriteriaId: "CC29D099-13A7-48F5-8A8A-6A564B972D98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*", matchCriteriaId: "AFAACD50-F964-48EB-8C71-856501FA5BF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*", matchCriteriaId: "E52DD6D8-DCB5-470E-9F77-653552A5436B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*", matchCriteriaId: "1E41D887-5E33-4D94-9C9C-7385D7D777E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*", matchCriteriaId: "352966E5-E938-4FA4-A41B-2D95C0E233ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*", matchCriteriaId: "2C234A10-9D5A-4C47-92F1-82DA80F5B310", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*", matchCriteriaId: "8E1516F7-D152-4D9C-92D3-4BD68D77475A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*", matchCriteriaId: "BDDFB075-FA1B-47B9-B2EC-80228C20F042", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*", matchCriteriaId: "9A55F076-4CED-4BFC-B87D-A2AE950F78CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*", matchCriteriaId: "50ACF821-D09A-40B9-95A6-BC8DED3460D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*", matchCriteriaId: "E0949C30-651A-4646-B215-38AE86F719F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*", matchCriteriaId: "2DA8E108-49A7-4281-A938-ED1C1E4890B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*", matchCriteriaId: "3B631D21-372B-4B68-B467-F1A5616C5325", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*", matchCriteriaId: "26BC3F05-FC81-45E4-9D23-864C9B9FF47F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*", matchCriteriaId: "1BBF87A7-2A53-418D-BB27-D55B10564894", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*", matchCriteriaId: "9343B338-953B-4E7D-9CD2-00781FFE3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*", matchCriteriaId: "9966E015-590E-4CAD-AEE9-F06E1B34A789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*", matchCriteriaId: "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*", matchCriteriaId: "04BB508C-91EA-43A3-B4AC-A7591801F387", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:-:*:*:*:*:*:*", matchCriteriaId: "7C6C9325-7A0B-4CFF-BBFB-39C1C6F7B0E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "2B71FA9F-0FC4-4D12-B595-AC529878BC7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "0979E79B-936C-4787-8E0A-9F7F43A8A748", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "673E69A8-71BA-49EC-B1AE-931736C6BF42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "141FB02E-695F-484E-8FF6-C334C11F7CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*", matchCriteriaId: "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*", matchCriteriaId: "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*", matchCriteriaId: "942DC320-20A3-4CBF-BF94-390A9163FC02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*", matchCriteriaId: "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*", matchCriteriaId: "600E4C41-B1E1-468D-BA1A-489D0CE5F565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*", matchCriteriaId: "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*", matchCriteriaId: "E41D8FA9-5D9D-4102-B117-40354F847403", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*", matchCriteriaId: "8E620B19-0286-4723-91C4-848B6C453509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*", matchCriteriaId: "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*", matchCriteriaId: "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*", matchCriteriaId: "E7A0FC78-73CE-48CE-BD68-74C095F5B052", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*", matchCriteriaId: "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*", matchCriteriaId: "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*", matchCriteriaId: "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*", matchCriteriaId: "BF029B3F-93BE-44D3-B8E8-65F18A4F6632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*", matchCriteriaId: "C054330B-8344-437B-893F-AD844BCA3CE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*", matchCriteriaId: "CA7A820D-17C3-4F20-B4C4-9068F9594786", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*", matchCriteriaId: "DEA0897C-62CE-401A-B940-4CA47A0BDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*", matchCriteriaId: "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*", matchCriteriaId: "269B1711-8110-4177-8CF2-AD9F1D9E20AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*", matchCriteriaId: "39DFD696-3A7F-4003-9F87-458891B787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*", matchCriteriaId: "C15E39AA-79CE-48A7-9629-AC75EC444B6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*", matchCriteriaId: "2592E246-7208-4CC5-8004-D2AEAB45380C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*", matchCriteriaId: "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*", matchCriteriaId: "41EB109A-9CF3-498C-93B2-07A31D3CB09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*", matchCriteriaId: "FE8675BC-B0AA-4067-B079-FCAE97519B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*", matchCriteriaId: "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "59408AE1-F8C3-48A7-BF31-ABB4173E42D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*", matchCriteriaId: "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*", matchCriteriaId: "82FD8A24-2D01-4D2A-ADDE-51EBCC189332", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*", matchCriteriaId: "3CDD178D-9CE8-4FC9-8388-BB89DC949924", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*", matchCriteriaId: "4F3F2942-54CE-41A9-909B-8D5CE515A7FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*", matchCriteriaId: "996B4FAB-C1FA-42D9-BAB2-EC4CD2394D67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*", matchCriteriaId: "20D1E7EE-8977-4010-AF5D-843A44853363", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*", matchCriteriaId: "09718DA2-31D3-4CC3-B95D-6A8BE6233700", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*", matchCriteriaId: "A217F6ED-BC7F-46B7-9D43-D75A3D416322", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*", matchCriteriaId: "562397B8-DF54-4585-81B4-3F89816CC8BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*", matchCriteriaId: "319E6B84-4D6C-45D2-BF5A-8461202C4463", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*", matchCriteriaId: "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*", matchCriteriaId: "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*", matchCriteriaId: "94E70435-5332-48F3-9602-FCA1EFB617BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*", matchCriteriaId: "AC040DA3-91BB-41CD-ADE3-D2AA0537516D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*", matchCriteriaId: "8E71EE09-F2D6-4981-A962-14DAC49A9A45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*", matchCriteriaId: "4709685D-CCF0-4444-99B8-4DC6E3D53A62", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*", matchCriteriaId: "13599F95-25B2-4C21-8174-DA966A49249B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*", matchCriteriaId: "D2CB6693-492A-4607-9D9C-15C746E12864", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*", matchCriteriaId: "35238419-A73A-4333-9F3D-481FAA1D167C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*", matchCriteriaId: "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*", matchCriteriaId: "4E0B4F11-A1E8-4D21-9707-8639A3040840", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*", matchCriteriaId: "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*", matchCriteriaId: "7F229F49-EA44-4D0A-855B-FC586CE8CFA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*", matchCriteriaId: "07AED2F0-F527-4B4A-82FC-F571899F3738", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*", matchCriteriaId: "86396EFE-E4E1-42DB-A206-9D44B977DB95", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*", matchCriteriaId: "1ECD4B6F-D157-4AA6-A288-AF85ECFE3D5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*", matchCriteriaId: "89042E18-91F4-4EB7-9276-251A94529D36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*", matchCriteriaId: "0215A848-4170-42E0-9711-E9922CE82CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6003:*:*:*:*:*:*", matchCriteriaId: "4E738DAF-2E66-4D0F-9A8E-B988A51E17DE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6004:*:*:*:*:*:*", matchCriteriaId: "A5D87211-8D8F-420A-AAAC-296FCD214CA9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6005:*:*:*:*:*:*", matchCriteriaId: "D8C120A3-C62A-4F39-BB9C-546C7AC57D89", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6006:*:*:*:*:*:*", matchCriteriaId: "301FC0FF-8064-470E-BFAA-CC54078D1044", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6007:*:*:*:*:*:*", matchCriteriaId: "AAAF70B7-53FA-41EF-8558-EAC27EF35AB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6008:*:*:*:*:*:*", matchCriteriaId: "821E2F3D-5B0C-4985-9934-F80E163EC1A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6009:*:*:*:*:*:*", matchCriteriaId: "0FFD43E2-8C28-4423-8660-8C9FC996C339", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6012:*:*:*:*:*:*", matchCriteriaId: "E9497B19-1845-44C5-8868-332DDE6DD1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6013:*:*:*:*:*:*", matchCriteriaId: "C5A5D3A5-E2C6-43A3-9142-F5FE23BCB3E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones hasta 6101, es vulnerable a una Ejecución de Código Remota no autenticada mientras se cambia la contraseña", }, ], id: "CVE-2021-28958", lastModified: "2024-11-21T06:00:26.667", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-25T12:15:08.337", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-28958/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#6102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-28958/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#6102", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-03 19:29
Modified
2024-11-21 04:42
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/ | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html#5703 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html#5703 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*", matchCriteriaId: "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*", matchCriteriaId: "DAD07524-564F-4559-9F6D-EB8961380A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*", matchCriteriaId: "76480E2A-FD99-4902-99D3-847136451618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*", matchCriteriaId: "D117C2AE-B396-46AD-9421-23750F9D6CDE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*", matchCriteriaId: "6B9F5FCF-BECA-424C-86C8-4769797AEB3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*", matchCriteriaId: "6A014DF4-0353-4117-927B-C7950D92EEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*", matchCriteriaId: "EC6163AF-1A41-4372-8D9B-985BB338B9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*", matchCriteriaId: "2387D138-C8F5-4DC1-A51E-629F9D96F4ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*", matchCriteriaId: "0504B6B8-AFA0-418E-AA86-057F4FD01466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*", matchCriteriaId: "78CA1BE6-6ACF-42B4-B603-9764A8B81555", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*", matchCriteriaId: "69866794-C599-49F7-8071-789DA3308AF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*", matchCriteriaId: "850DCAC9-D98E-40C1-A748-88E257F09388", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "4523A4D2-1E40-4A14-81D7-820A2C81C90F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*", matchCriteriaId: "F4C03D7C-0EEC-4C66-8705-F69909483048", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*", matchCriteriaId: "9431C11F-E153-4298-8A1B-2CDF677A1428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*", matchCriteriaId: "557B4FD6-B1BD-47B4-87B8-7096B99695B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*", matchCriteriaId: "BE2EF829-DA42-4C87-AB14-B03BD0AFB177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*", matchCriteriaId: "C74D8FDF-04B3-4B03-9110-27683E2329FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*", matchCriteriaId: "5C376A34-DC80-4080-9B53-37D954B6F00F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*", matchCriteriaId: "4613CD78-8A7D-4382-9975-1BE698E6C2CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*", matchCriteriaId: "9F32937B-9B1D-495F-812A-BEBAF3C67540", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*", matchCriteriaId: "5683B22F-54D1-4C53-8378-3500ADB4AD2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "08147E4E-6064-44D6-AF7C-1EB584A7CD60", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*", matchCriteriaId: "E0B110D0-A1BF-486B-A5C4-5927877C1258", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*", matchCriteriaId: "1C52392E-72C9-4F74-AECE-B20C0259E37D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*", matchCriteriaId: "38A4BE4A-B607-483E-AE79-8FF17BEF60B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*", matchCriteriaId: "3B2ABFA6-4506-42F8-B458-9EB83C8312DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*", matchCriteriaId: "B19B98B7-85D3-4D44-9853-1CD69586BF30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*", matchCriteriaId: "2EFDF89F-54BE-4D72-B95D-12127D8B35A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*", matchCriteriaId: "E4DD32D9-A0CA-4434-A8CF-121942FDF152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*", matchCriteriaId: "F86FFDB3-B19E-438E-8E5C-6D4994A29B61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*", matchCriteriaId: "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*", matchCriteriaId: "4921142A-2D9F-40BE-9640-44037667FB32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*", matchCriteriaId: "0909BEDE-D384-4719-87C7-4748E70669D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*", matchCriteriaId: "43969BCD-92A9-4181-9BE7-9A370FF0EA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*", matchCriteriaId: "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*", matchCriteriaId: "190837F9-E545-4576-8660-76837BFBA127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*", matchCriteriaId: "6C379810-C027-4443-BA2F-C72A0AFE9074", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*", matchCriteriaId: "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*", matchCriteriaId: "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*", matchCriteriaId: "6191E179-7D42-4D9A-AF78-B87DBC198B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*", matchCriteriaId: "01FC1A37-2AB7-4212-A93A-58021592FF67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*", matchCriteriaId: "96287289-2736-4197-B325-9D58EFDD6A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*", matchCriteriaId: "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*", matchCriteriaId: "E2437FCD-F77F-4103-914C-20C54C3E088A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*", matchCriteriaId: "45F52278-27B0-431E-8FF0-E3A5F68D513D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*", matchCriteriaId: "E231C429-0C6D-4DA6-8D89-DB888493F741", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*", matchCriteriaId: "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*", matchCriteriaId: "999D1D05-D8D7-445E-AAF7-B14769001928", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*", matchCriteriaId: "CC29D099-13A7-48F5-8A8A-6A564B972D98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*", matchCriteriaId: "AFAACD50-F964-48EB-8C71-856501FA5BF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*", matchCriteriaId: "E52DD6D8-DCB5-470E-9F77-653552A5436B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*", matchCriteriaId: "1E41D887-5E33-4D94-9C9C-7385D7D777E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*", matchCriteriaId: "352966E5-E938-4FA4-A41B-2D95C0E233ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*", matchCriteriaId: "2C234A10-9D5A-4C47-92F1-82DA80F5B310", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*", matchCriteriaId: "8E1516F7-D152-4D9C-92D3-4BD68D77475A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*", matchCriteriaId: "BDDFB075-FA1B-47B9-B2EC-80228C20F042", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*", matchCriteriaId: "9A55F076-4CED-4BFC-B87D-A2AE950F78CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*", matchCriteriaId: "50ACF821-D09A-40B9-95A6-BC8DED3460D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*", matchCriteriaId: "E0949C30-651A-4646-B215-38AE86F719F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*", matchCriteriaId: "2DA8E108-49A7-4281-A938-ED1C1E4890B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*", matchCriteriaId: "3B631D21-372B-4B68-B467-F1A5616C5325", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*", matchCriteriaId: "26BC3F05-FC81-45E4-9D23-864C9B9FF47F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*", matchCriteriaId: "1BBF87A7-2A53-418D-BB27-D55B10564894", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*", matchCriteriaId: "9343B338-953B-4E7D-9CD2-00781FFE3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*", matchCriteriaId: "9966E015-590E-4CAD-AEE9-F06E1B34A789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*", matchCriteriaId: "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*", matchCriteriaId: "04BB508C-91EA-43A3-B4AC-A7591801F387", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "2B71FA9F-0FC4-4D12-B595-AC529878BC7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "0979E79B-936C-4787-8E0A-9F7F43A8A748", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "673E69A8-71BA-49EC-B1AE-931736C6BF42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "141FB02E-695F-484E-8FF6-C334C11F7CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*", matchCriteriaId: "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*", matchCriteriaId: "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*", matchCriteriaId: "942DC320-20A3-4CBF-BF94-390A9163FC02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*", matchCriteriaId: "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*", matchCriteriaId: "600E4C41-B1E1-468D-BA1A-489D0CE5F565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*", matchCriteriaId: "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*", matchCriteriaId: "E41D8FA9-5D9D-4102-B117-40354F847403", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*", matchCriteriaId: "8E620B19-0286-4723-91C4-848B6C453509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*", matchCriteriaId: "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*", matchCriteriaId: "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*", matchCriteriaId: "E7A0FC78-73CE-48CE-BD68-74C095F5B052", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*", matchCriteriaId: "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*", matchCriteriaId: "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*", matchCriteriaId: "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*", matchCriteriaId: "BF029B3F-93BE-44D3-B8E8-65F18A4F6632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*", matchCriteriaId: "C054330B-8344-437B-893F-AD844BCA3CE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*", matchCriteriaId: "CA7A820D-17C3-4F20-B4C4-9068F9594786", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*", matchCriteriaId: "DEA0897C-62CE-401A-B940-4CA47A0BDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*", matchCriteriaId: "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*", matchCriteriaId: "269B1711-8110-4177-8CF2-AD9F1D9E20AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*", matchCriteriaId: "39DFD696-3A7F-4003-9F87-458891B787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*", matchCriteriaId: "C15E39AA-79CE-48A7-9629-AC75EC444B6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*", matchCriteriaId: "2592E246-7208-4CC5-8004-D2AEAB45380C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*", matchCriteriaId: "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*", matchCriteriaId: "41EB109A-9CF3-498C-93B2-07A31D3CB09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus, en sus versiones 5.x antes del build 5703, tiene Server-Side Request Forgery (SSRF).", }, ], id: "CVE-2019-3905", lastModified: "2024-11-21T04:42:50.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-03T19:29:01.757", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html#5703", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 05:16
Severity ?
Summary
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7380E0EF-684C-487E-B343-672248D8642E", versionEndIncluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*", matchCriteriaId: "09718DA2-31D3-4CC3-B95D-6A8BE6233700", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*", matchCriteriaId: "A217F6ED-BC7F-46B7-9D43-D75A3D416322", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*", matchCriteriaId: "562397B8-DF54-4585-81B4-3F89816CC8BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*", matchCriteriaId: "319E6B84-4D6C-45D2-BF5A-8461202C4463", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*", matchCriteriaId: "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*", matchCriteriaId: "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*", matchCriteriaId: "94E70435-5332-48F3-9602-FCA1EFB617BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*", matchCriteriaId: "AC040DA3-91BB-41CD-ADE3-D2AA0537516D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*", matchCriteriaId: "8E71EE09-F2D6-4981-A962-14DAC49A9A45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*", matchCriteriaId: "4709685D-CCF0-4444-99B8-4DC6E3D53A62", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*", matchCriteriaId: "13599F95-25B2-4C21-8174-DA966A49249B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*", matchCriteriaId: "D2CB6693-492A-4607-9D9C-15C746E12864", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*", matchCriteriaId: "35238419-A73A-4333-9F3D-481FAA1D167C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*", matchCriteriaId: "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*", matchCriteriaId: "4E0B4F11-A1E8-4D21-9707-8639A3040840", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*", matchCriteriaId: "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*", matchCriteriaId: "7F229F49-EA44-4D0A-855B-FC586CE8CFA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*", matchCriteriaId: "07AED2F0-F527-4B4A-82FC-F571899F3738", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "3DB7B1B9-633E-4866-B236-94888342ACD1", versionEndIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "1A55E1C9-DCFE-49E7-A9A3-E3A5ECBEE4C6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E8C30A5E-33C7-4EB3-9FB4-D5AECD9A5C08", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "B7085438-77E4-4B12-A885-F2294CF9B318", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "7821DCD0-30DB-4520-B174-0E51CB07E12A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "4666EEFD-5F91-4F1D-BB15-736A984ABA27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*", matchCriteriaId: "CCCD7A9D-B1BC-4CE8-9E5D-8795674BB1AA", versionEndIncluding: "4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4200:*:*:*:*:*:*", matchCriteriaId: "14116D8A-9798-4EF2-9652-286D4CBDAADF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4201:*:*:*:*:*:*", matchCriteriaId: "DAC56F69-9894-4236-9E4E-412403204E79", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4202:*:*:*:*:*:*", matchCriteriaId: "6B180386-1930-4EC2-9AF8-21F375E74BCE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4203:*:*:*:*:*:*", matchCriteriaId: "91787EC1-3053-4784-B985-FC09F368CB2A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4204:*:*:*:*:*:*", matchCriteriaId: "B270FDB7-A2E2-4D77-9E68-17E57ED41B19", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4205:*:*:*:*:*:*", matchCriteriaId: "06621A53-3A32-4691-A02A-417A9DBCB9DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4206:*:*:*:*:*:*", matchCriteriaId: "E32D414E-ADEB-4FE3-8114-815A744DBF76", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4207:*:*:*:*:*:*", matchCriteriaId: "E2A124B0-CAC1-4D17-98FF-DF479F404283", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4208:*:*:*:*:*:*", matchCriteriaId: "BED5824C-9A62-4A9E-A440-3368D709674B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4209:*:*:*:*:*:*", matchCriteriaId: "F36F3D07-F9E3-4CF1-8BD3-73F58B18D35C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4210:*:*:*:*:*:*", matchCriteriaId: "357AB232-A834-4899-950D-53E0690726A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4212:*:*:*:*:*:*", matchCriteriaId: "680C0265-E4DF-4275-8B0C-EBD9E7B5B798", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4213:*:*:*:*:*:*", matchCriteriaId: "27CA1268-5D13-445A-985B-AE8F5494F61C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4214:*:*:*:*:*:*", matchCriteriaId: "2112361C-8F57-40E6-B665-FA8D585FA933", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4215:*:*:*:*:*:*", matchCriteriaId: "A4E777D1-9414-439C-9309-7C89192905A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4216:*:*:*:*:*:*", matchCriteriaId: "FDCD0C9A-0287-4BAA-97C1-CCA96212A8A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4217:*:*:*:*:*:*", matchCriteriaId: "27D917BB-D64D-4E16-B5E2-485EE127A310", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4219:*:*:*:*:*:*", matchCriteriaId: "CD0D83CD-3F8B-41A5-8110-2207FC202529", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4220:*:*:*:*:*:*", matchCriteriaId: "E7569882-9E12-4ED8-9F54-AC1F0C9EC50B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4222:*:*:*:*:*:*", matchCriteriaId: "F15A754D-A668-42C8-9E37-7A3364BE129B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4223:*:*:*:*:*:*", matchCriteriaId: "086FDB61-78D3-4540-B2AC-42DF1D41ABA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4224:*:*:*:*:*:*", matchCriteriaId: "6F9285FB-23E4-438E-8081-D0589A8727C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4225:*:*:*:*:*:*", matchCriteriaId: "A4E0D81C-36B3-4638-BB0E-18023D13DA97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4227:*:*:*:*:*:*", matchCriteriaId: "5B1F3742-3B1A-43DC-8CD7-547A4EB436E7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "D3ADF4BC-41C3-483D-A24F-52F5D8D90E02", versionEndIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6000:*:*:*:*:*:*", matchCriteriaId: "D88BAE7C-AE20-4B66-8380-93CFF7E716F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6001:*:*:*:*:*:*", matchCriteriaId: "A2EA6313-C2FC-45B5-92E6-4239B4E41E11", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6002:*:*:*:*:*:*", matchCriteriaId: "B6BAA7AF-E61E-40FB-ADA5-CDC51508A848", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6003:*:*:*:*:*:*", matchCriteriaId: "9F96ED00-5DBE-4909-90DF-F4CDB4946ED9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6010:*:*:*:*:*:*", matchCriteriaId: "4CCFDC58-067A-420F-924B-9BFC342411D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6011:*:*:*:*:*:*", matchCriteriaId: "3C532BCE-429E-403D-9D44-9E3B8FD35C91", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6012:*:*:*:*:*:*", matchCriteriaId: "7286F2C9-FB52-4524-8293-81B36E9E8534", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6013:*:*:*:*:*:*", matchCriteriaId: "E70A8EC5-1046-42E8-99DC-D564B66BA987", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6020:*:*:*:*:*:*", matchCriteriaId: "A6BF11B6-4616-49DC-B7D0-0165691D7ABA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6021:*:*:*:*:*:*", matchCriteriaId: "32FCBB8F-35F2-4A3C-8F04-39AEAAB76BCE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6030:*:*:*:*:*:*", matchCriteriaId: "75F07512-4B8D-492C-A59A-E2E75713241B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6031:*:*:*:*:*:*", matchCriteriaId: "1750C0CC-B017-44DF-95F2-628125E416FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6032:*:*:*:*:*:*", matchCriteriaId: "B0D5FC87-6BD7-4056-8879-7BAF28BB69C1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "DB19FFF0-464F-4BAA-BD8F-5A8296EAC724", versionEndIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6001:*:*:*:*:*:*", matchCriteriaId: "58739BDC-8741-4904-96C4-5E075FF87676", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6003:*:*:*:*:*:*", matchCriteriaId: "69C40DE9-1849-437B-8C48-BB5ACD104CDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6005:*:*:*:*:*:*", matchCriteriaId: "5792AAA4-6E32-48F6-BAF9-91AE9CE468D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6011:*:*:*:*:*:*", matchCriteriaId: "BB623771-BA56-4684-85E1-941A5EF0624A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6016:*:*:*:*:*:*", matchCriteriaId: "9CCF0FA4-0326-405B-94F2-513E0FAA6FB6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "789DE939-8305-4684-B19C-29F5A26E25A6", versionEndIncluding: "12.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12130:*:*:*:*:*:*", matchCriteriaId: "04E5575C-A204-4A46-ACDB-7A2837B2A5ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12135:*:*:*:*:*:*", matchCriteriaId: "22C76170-BE8E-40D7-9AA0-349EBB9DC718", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "350B9823-6421-4817-A9BA-B138918ADEDB", versionEndIncluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6000:*:*:*:*:*:*", matchCriteriaId: "053FB8DD-94D7-438A-8802-8ECF8B79FCA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6001:*:*:*:*:*:*", matchCriteriaId: "616D32A3-B19A-4C05-BF43-4AEB7573BF82", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6002:*:*:*:*:*:*", matchCriteriaId: "28FF33D3-81DE-4849-8EA9-4C396D775892", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6003:*:*:*:*:*:*", matchCriteriaId: "A6BE7AA0-F201-4F29-BE11-983CAE5BE103", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6010:*:*:*:*:*:*", matchCriteriaId: "64339FF6-3563-41B2-8B61-A9DF076069C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6030:*:*:*:*:*:*", matchCriteriaId: "AD025538-8C73-4648-9C77-25E49FF77A7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6031:*:*:*:*:*:*", matchCriteriaId: "FB3C81C0-1234-4CAA-8FB1-833FB2EF4872", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6032:*:*:*:*:*:*", matchCriteriaId: "A5E6D12F-C642-4001-A838-65DDA3F94D04", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6033:*:*:*:*:*:*", matchCriteriaId: "32435B99-81DD-4AEC-ABBF-DEAFAB00CC87", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6050:*:*:*:*:*:*", matchCriteriaId: "37CDC611-B94C-483C-9C4C-5BCFA6CAB7E6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6052:*:*:*:*:*:*", matchCriteriaId: "A75E3D4D-5596-4E93-8541-F183AF105231", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "45EEAE93-0898-4FD8-9A31-FE2D5AAD3E79", versionEndIncluding: "4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4300:*:*:*:*:*:*", matchCriteriaId: "1312ABF3-93FA-46E7-BF3C-61B1A0E7BA2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4301:*:*:*:*:*:*", matchCriteriaId: "6912B88D-23D4-4E1E-98B8-60A60314A516", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4302:*:*:*:*:*:*", matchCriteriaId: "7392FEE2-8102-4125-8927-4356732ED167", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4303:*:*:*:*:*:*", matchCriteriaId: "0A9867BA-BAD0-482E-AC6B-CFDC9BF19AFB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4304:*:*:*:*:*:*", matchCriteriaId: "B20578E3-8995-4062-9FBF-85B76945B6EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4305:*:*:*:*:*:*", matchCriteriaId: "96471B59-E195-4FF4-A36C-C4248F970817", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4306:*:*:*:*:*:*", matchCriteriaId: "DAD74918-D60A-427A-B46B-979F3D0870A7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4308:*:*:*:*:*:*", matchCriteriaId: "91731443-F449-457A-B8BD-017726596714", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4309:*:*:*:*:*:*", matchCriteriaId: "C923DAAE-1C60-4A50-800D-422098A143FA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4310:*:*:*:*:*:*", matchCriteriaId: "F820E8A0-981A-4C68-AFBF-D263B627F4FA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4311:*:*:*:*:*:*", matchCriteriaId: "84F1A956-19D1-47D3-AEF4-0117A25A1DEC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4312:*:*:*:*:*:*", matchCriteriaId: "2AE25043-4F64-4B5E-8B9F-B0793FE4834F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4316:*:*:*:*:*:*", matchCriteriaId: "2D5849AA-9DD2-4836-9F78-0CFB917A8398", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4317:*:*:*:*:*:*", matchCriteriaId: "777FFDDC-EA8A-45C5-963A-8982C7FA9D36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4318:*:*:*:*:*:*", matchCriteriaId: "61658169-04C4-45A5-B6F9-31EABDFC7026", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4319:*:*:*:*:*:*", matchCriteriaId: "0439F4CA-5831-444F-9403-91B08D55CE37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4320:*:*:*:*:*:*", matchCriteriaId: "CCE01DB3-1C25-4A0A-86A2-48052A01F21C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4321:*:*:*:*:*:*", matchCriteriaId: "20CF3B2A-E1DA-472C-9E5B-7729F5A9B72F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4322:*:*:*:*:*:*", matchCriteriaId: "EF5CADAA-EE4B-45FE-8B31-910EB2F9A457", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4324:*:*:*:*:*:*", matchCriteriaId: "317936F9-5856-4C05-96B0-06B286002C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4325:*:*:*:*:*:*", matchCriteriaId: "7A6A9E35-0AE0-41EC-95BD-6DA045B670C8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4327:*:*:*:*:*:*", matchCriteriaId: "02E7A3A5-B101-450A-B048-580535ACD150", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4328:*:*:*:*:*:*", matchCriteriaId: "A7804A96-2937-46EE-BCCE-7C19D3A0BF87", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4329:*:*:*:*:*:*", matchCriteriaId: "92CF2307-5CE0-44C6-BBAB-9974879426D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4330:*:*:*:*:*:*", matchCriteriaId: "A8D1D36D-990A-426E-9DA6-8506DA235FD4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4331:*:*:*:*:*:*", matchCriteriaId: "9210E989-CEBE-430A-ABF1-30DFC3B81CFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4332:*:*:*:*:*:*", matchCriteriaId: "AD45843D-AB8F-4CFF-8EDA-3A1AEB9C3CE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4333:*:*:*:*:*:*", matchCriteriaId: "81549C4B-1B64-4E4F-91D2-25EA86BB2859", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4334:*:*:*:*:*:*", matchCriteriaId: "56201D6A-2330-41D0-B38D-9D4A21D6CF20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "6D116EAD-FC10-4B20-88C1-356C9EE0F8D7", versionEndIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*", matchCriteriaId: "BFD452AD-7053-4C13-97DA-326C3DC6E26C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*", matchCriteriaId: "0B87956F-9C45-4A65-BEB2-77A247BD7A39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*", matchCriteriaId: "17BE6347-1605-47DB-8CFE-B587E3AB4223", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*", matchCriteriaId: "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*", matchCriteriaId: "E6A7C5C6-0137-4279-A7EA-3439BE477A3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*", matchCriteriaId: "C921F1B2-69B4-448F-AC7C-2F4474507FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*", matchCriteriaId: "91DB9017-1BCF-48DB-97AE-4214150BAE77", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*", matchCriteriaId: "D066B999-8554-49F0-92C3-1A4DDEA6E32D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*", matchCriteriaId: "635F80E1-4A73-48DC-A128-D61716D70839", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*", matchCriteriaId: "E74FE1C4-471A-4040-96A4-0BE46745199B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "CF66EAF9-40F8-4C96-B521-58EFEFFEA2C6", versionEndIncluding: "6.6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7000:*:*:*:*:*:*", matchCriteriaId: "4DE6724F-80AA-4B3E-8CF1-1158F6C98AEA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7010:*:*:*:*:*:*", matchCriteriaId: "A4D9B6E0-47A7-48D1-AF6A-A8512475ABD6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7011:*:*:*:*:*:*", matchCriteriaId: "FFD7E625-FAA2-4452-9E18-5E4A61A93FDD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7020:*:*:*:*:*:*", matchCriteriaId: "8504DAE3-6CD9-4640-9EB1-CB304DB79BE9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7030:*:*:*:*:*:*", matchCriteriaId: "F42110FC-D21E-439E-BB8C-45C03F639CCC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7040:*:*:*:*:*:*", matchCriteriaId: "612E5D11-83D1-4E80-B7A4-57F61690DFCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7041:*:*:*:*:*:*", matchCriteriaId: "C89C31C7-3196-47CD-9A9D-0761CEEB04E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7050:*:*:*:*:*:*", matchCriteriaId: "821C24DA-1C22-43ED-AD67-E947D323A3A0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7051:*:*:*:*:*:*", matchCriteriaId: "FAFEF7B6-4B56-42C8-958B-E0B677F5D150", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7052:*:*:*:*:*:*", matchCriteriaId: "43CEBA06-F115-41E9-8B3E-C004528340A5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7053:*:*:*:*:*:*", matchCriteriaId: "E398D48C-AD94-4E84-9E3A-28A8586B3112", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7054:*:*:*:*:*:*", matchCriteriaId: "3D042A11-638F-4485-A753-ACF2BE92D900", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*", matchCriteriaId: "26B0E2FA-186D-48D7-89AE-461224CA7242", versionEndIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "4F222A9E-12E7-45E6-BF7D-61D60FCF1787", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5102:*:*:*:*:*:*", matchCriteriaId: "E5EBBD07-EB06-407C-8BFE-139A7F37D129", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5107:*:*:*:*:*:*", matchCriteriaId: "4408F07A-E77E-4F74-B951-E90D0AD0FC52", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5108:*:*:*:*:*:*", matchCriteriaId: "44454167-93A9-4109-A137-0DBF56B870E6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "9F95F165-5E41-4F44-A049-1B67F045A3FF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5111:*:*:*:*:*:*", matchCriteriaId: "EF50B0BD-244E-4445-A119-7165829BEA1D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5120:*:*:*:*:*:*", matchCriteriaId: "0A509BA6-9E79-4250-B412-2CCE2EF20031", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5150:*:*:*:*:*:*", matchCriteriaId: "CA676B42-6E42-4A5C-986E-C06A4F97500A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5154:*:*:*:*:*:*", matchCriteriaId: "CA8D9B25-9BB1-427A-8C07-FB40638218E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5155:*:*:*:*:*:*", matchCriteriaId: "B1660FC6-4E59-4F1B-ABAB-51E7CD31B3C6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5160:*:*:*:*:*:*", matchCriteriaId: "994FB926-30C1-4399-BE7E-1989375382FF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5164:*:*:*:*:*:*", matchCriteriaId: "38C88C6C-A399-4B3F-A3DE-8410B68C9C2D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.", }, { lang: "es", value: "Se detectó un problema en Zoho ManageEngine Exchange Reporter Plus antes del número de compilación 5510, AD360 antes del número de compilación 4228, ADSelfService Plus antes del número de compilación 5817, DataSecurity Plus antes del número de compilación 6033, RecoverManager Plus antes del número de compilación 6017, EventLog Analyzer antes del número de compilación 12136, ADAudit Además, antes del número de compilación 6052, O365 Manager Plus antes del número de compilación 4334, Cloud Security Plus antes del número de compilación 4110, ADManager Plus antes del número de compilación 7055 y Log360 antes del número de compilación 5166. El servlet de Java com.manageengine.ads.fw.servlet.UpdateProductDetails accesible remotamente es propenso a una omisión de autenticación. Las propiedades de integración del sistema pueden ser modificadas y conllevar a un compromiso total de la suite de ManageEngine", }, ], id: "CVE-2020-24786", lastModified: "2024-11-21T05:16:04.410", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-31T15:15:10.870", references: [ { source: "cve@mitre.org", url: "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/data-security/release-notes.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/eventlog/features-new.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/data-security/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/eventlog/features-new.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-30 19:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-37421/ | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-37421/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones 6103 y anteriores, son vulnerables a una evasión de la restricción de acceso al portal de administración.", }, ], id: "CVE-2021-37421", lastModified: "2024-11-21T06:15:07.767", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-30T19:15:09.220", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37421/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-37421/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-30 19:15
Modified
2024-11-21 06:08
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-33055/ | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-33055/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released | Patch, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones hasta 6102, permite una ejecución de código remota no autenticado en ediciones no Inglesas.", }, ], id: "CVE-2021-33055", lastModified: "2024-11-21T06:08:11.540", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-30T19:15:08.657", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-33055/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-33055/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-06 22:15
Modified
2024-11-21 04:33
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*", matchCriteriaId: "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*", matchCriteriaId: "DAD07524-564F-4559-9F6D-EB8961380A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*", matchCriteriaId: "76480E2A-FD99-4902-99D3-847136451618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*", matchCriteriaId: "D117C2AE-B396-46AD-9421-23750F9D6CDE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*", matchCriteriaId: "6B9F5FCF-BECA-424C-86C8-4769797AEB3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*", matchCriteriaId: "6A014DF4-0353-4117-927B-C7950D92EEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*", matchCriteriaId: "EC6163AF-1A41-4372-8D9B-985BB338B9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*", matchCriteriaId: "2387D138-C8F5-4DC1-A51E-629F9D96F4ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*", matchCriteriaId: "0504B6B8-AFA0-418E-AA86-057F4FD01466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*", matchCriteriaId: "78CA1BE6-6ACF-42B4-B603-9764A8B81555", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*", matchCriteriaId: "69866794-C599-49F7-8071-789DA3308AF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*", matchCriteriaId: "850DCAC9-D98E-40C1-A748-88E257F09388", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "4523A4D2-1E40-4A14-81D7-820A2C81C90F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*", matchCriteriaId: "F4C03D7C-0EEC-4C66-8705-F69909483048", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*", matchCriteriaId: "9431C11F-E153-4298-8A1B-2CDF677A1428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*", matchCriteriaId: "557B4FD6-B1BD-47B4-87B8-7096B99695B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*", matchCriteriaId: "BE2EF829-DA42-4C87-AB14-B03BD0AFB177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*", matchCriteriaId: "C74D8FDF-04B3-4B03-9110-27683E2329FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*", matchCriteriaId: "5C376A34-DC80-4080-9B53-37D954B6F00F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*", matchCriteriaId: "4613CD78-8A7D-4382-9975-1BE698E6C2CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*", matchCriteriaId: "9F32937B-9B1D-495F-812A-BEBAF3C67540", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*", matchCriteriaId: "5683B22F-54D1-4C53-8378-3500ADB4AD2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "08147E4E-6064-44D6-AF7C-1EB584A7CD60", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*", matchCriteriaId: "E0B110D0-A1BF-486B-A5C4-5927877C1258", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*", matchCriteriaId: "1C52392E-72C9-4F74-AECE-B20C0259E37D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*", matchCriteriaId: "38A4BE4A-B607-483E-AE79-8FF17BEF60B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*", matchCriteriaId: "3B2ABFA6-4506-42F8-B458-9EB83C8312DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*", matchCriteriaId: "B19B98B7-85D3-4D44-9853-1CD69586BF30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*", matchCriteriaId: "2EFDF89F-54BE-4D72-B95D-12127D8B35A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*", matchCriteriaId: "E4DD32D9-A0CA-4434-A8CF-121942FDF152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*", matchCriteriaId: "F86FFDB3-B19E-438E-8E5C-6D4994A29B61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*", matchCriteriaId: "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*", matchCriteriaId: "4921142A-2D9F-40BE-9640-44037667FB32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*", matchCriteriaId: "0909BEDE-D384-4719-87C7-4748E70669D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*", matchCriteriaId: "43969BCD-92A9-4181-9BE7-9A370FF0EA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*", matchCriteriaId: "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*", matchCriteriaId: "190837F9-E545-4576-8660-76837BFBA127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*", matchCriteriaId: "6C379810-C027-4443-BA2F-C72A0AFE9074", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*", matchCriteriaId: "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*", matchCriteriaId: "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*", matchCriteriaId: "6191E179-7D42-4D9A-AF78-B87DBC198B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*", matchCriteriaId: "01FC1A37-2AB7-4212-A93A-58021592FF67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*", matchCriteriaId: "96287289-2736-4197-B325-9D58EFDD6A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*", matchCriteriaId: "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*", matchCriteriaId: "E2437FCD-F77F-4103-914C-20C54C3E088A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*", matchCriteriaId: "45F52278-27B0-431E-8FF0-E3A5F68D513D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*", matchCriteriaId: "E231C429-0C6D-4DA6-8D89-DB888493F741", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*", matchCriteriaId: "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*", matchCriteriaId: "999D1D05-D8D7-445E-AAF7-B14769001928", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*", matchCriteriaId: "CC29D099-13A7-48F5-8A8A-6A564B972D98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*", matchCriteriaId: "AFAACD50-F964-48EB-8C71-856501FA5BF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*", matchCriteriaId: "E52DD6D8-DCB5-470E-9F77-653552A5436B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*", matchCriteriaId: "1E41D887-5E33-4D94-9C9C-7385D7D777E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*", matchCriteriaId: "352966E5-E938-4FA4-A41B-2D95C0E233ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*", matchCriteriaId: "2C234A10-9D5A-4C47-92F1-82DA80F5B310", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*", matchCriteriaId: "8E1516F7-D152-4D9C-92D3-4BD68D77475A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*", matchCriteriaId: "BDDFB075-FA1B-47B9-B2EC-80228C20F042", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*", matchCriteriaId: "9A55F076-4CED-4BFC-B87D-A2AE950F78CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*", matchCriteriaId: "50ACF821-D09A-40B9-95A6-BC8DED3460D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*", matchCriteriaId: "E0949C30-651A-4646-B215-38AE86F719F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*", matchCriteriaId: "2DA8E108-49A7-4281-A938-ED1C1E4890B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*", matchCriteriaId: "3B631D21-372B-4B68-B467-F1A5616C5325", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*", matchCriteriaId: "26BC3F05-FC81-45E4-9D23-864C9B9FF47F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*", matchCriteriaId: "1BBF87A7-2A53-418D-BB27-D55B10564894", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*", matchCriteriaId: "9343B338-953B-4E7D-9CD2-00781FFE3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*", matchCriteriaId: "9966E015-590E-4CAD-AEE9-F06E1B34A789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*", matchCriteriaId: "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*", matchCriteriaId: "04BB508C-91EA-43A3-B4AC-A7591801F387", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "2B71FA9F-0FC4-4D12-B595-AC529878BC7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "0979E79B-936C-4787-8E0A-9F7F43A8A748", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "673E69A8-71BA-49EC-B1AE-931736C6BF42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "141FB02E-695F-484E-8FF6-C334C11F7CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*", matchCriteriaId: "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*", matchCriteriaId: "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*", matchCriteriaId: "942DC320-20A3-4CBF-BF94-390A9163FC02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*", matchCriteriaId: "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*", matchCriteriaId: "600E4C41-B1E1-468D-BA1A-489D0CE5F565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*", matchCriteriaId: "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*", matchCriteriaId: "E41D8FA9-5D9D-4102-B117-40354F847403", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*", matchCriteriaId: "8E620B19-0286-4723-91C4-848B6C453509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*", matchCriteriaId: "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*", matchCriteriaId: "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*", matchCriteriaId: "E7A0FC78-73CE-48CE-BD68-74C095F5B052", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*", matchCriteriaId: "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*", matchCriteriaId: "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*", matchCriteriaId: "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*", matchCriteriaId: "BF029B3F-93BE-44D3-B8E8-65F18A4F6632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*", matchCriteriaId: "C054330B-8344-437B-893F-AD844BCA3CE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*", matchCriteriaId: "CA7A820D-17C3-4F20-B4C4-9068F9594786", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*", matchCriteriaId: "DEA0897C-62CE-401A-B940-4CA47A0BDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*", matchCriteriaId: "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*", matchCriteriaId: "269B1711-8110-4177-8CF2-AD9F1D9E20AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*", matchCriteriaId: "39DFD696-3A7F-4003-9F87-458891B787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*", matchCriteriaId: "C15E39AA-79CE-48A7-9629-AC75EC444B6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*", matchCriteriaId: "2592E246-7208-4CC5-8004-D2AEAB45380C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*", matchCriteriaId: "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*", matchCriteriaId: "41EB109A-9CF3-498C-93B2-07A31D3CB09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "59408AE1-F8C3-48A7-BF31-ABB4173E42D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*", matchCriteriaId: "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*", matchCriteriaId: "82FD8A24-2D01-4D2A-ADDE-51EBCC189332", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*", matchCriteriaId: "3CDD178D-9CE8-4FC9-8388-BB89DC949924", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*", matchCriteriaId: "4F3F2942-54CE-41A9-909B-8D5CE515A7FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*", matchCriteriaId: "996B4FAB-C1FA-42D9-BAB2-EC4CD2394D67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*", matchCriteriaId: "20D1E7EE-8977-4010-AF5D-843A44853363", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*", matchCriteriaId: "A217F6ED-BC7F-46B7-9D43-D75A3D416322", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*", matchCriteriaId: "562397B8-DF54-4585-81B4-3F89816CC8BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*", matchCriteriaId: "319E6B84-4D6C-45D2-BF5A-8461202C4463", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*", matchCriteriaId: "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones 5.x hasta 5803, presenta una vulnerabilidad de tipo CSRF en la página de información de perfil de los usuarios. Los usuarios que son atacados con esta vulnerabilidad serán obligados a modificar su información registrada, tal y como correo electrónico y teléfono móvil, involuntariamente. Los atacantes podrían usar la función de restablecimiento de contraseña y controlar el sistema para enviar el código de autenticación en el canal que poseen los atacantes.", }, ], id: "CVE-2019-18411", lastModified: "2024-11-21T04:33:12.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-06T22:15:10.380", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-02 18:15
Modified
2024-11-21 06:06
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A79AAA12-67D4-4343-9E0B-249C07144DD8", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6104, en raras situaciones, permite a atacantes obtener información confidencial sobre la aplicación de base de datos de sincronización de contraseñas", }, ], id: "CVE-2021-31874", lastModified: "2024-11-21T06:06:24.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-02T18:15:09.563", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-31874/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.stmcyber.com/vulns/cve-2021-31874/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-26 18:29
Modified
2024-11-21 04:01
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510:*:*:*:*:*:*", matchCriteriaId: "ADB66864-2B10-4693-89C5-F13AADCAF0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511:*:*:*:*:*:*", matchCriteriaId: "36A2372E-DD10-455D-90C9-C8B5EBA52D36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520:*:*:*:*:*:*", matchCriteriaId: "212A1978-367C-417E-B887-6C957B76578C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522:*:*:*:*:*:*", matchCriteriaId: "1261129B-F0FD-4849-A8D9-9CBD99910FF1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531:*:*:*:*:*:*", matchCriteriaId: "087A729A-A175-4CE5-AF87-510E51125C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540:*:*:*:*:*:*", matchCriteriaId: "EFBB3F80-C322-4015-897D-12736CED3077", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543:*:*:*:*:*:*", matchCriteriaId: "B3D55605-AD61-4D63-BCA9-CAD95020813E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544:*:*:*:*:*:*", matchCriteriaId: "327F7E10-4704-46D9-A82A-8E799181D0DB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550:*:*:*:*:*:*", matchCriteriaId: "F515AB67-A302-4A95-BC99-F7F26BA67B44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560:*:*:*:*:*:*", matchCriteriaId: "97E1E2BD-1AE1-4128-84B3-80A5F8D74A4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570:*:*:*:*:*:*", matchCriteriaId: "C8D9FAD8-419D-4489-AAF7-96953CDB595B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571:*:*:*:*:*:*", matchCriteriaId: "04373F72-E36E-4EFD-8215-C6CF44464DF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572:*:*:*:*:*:*", matchCriteriaId: "126040DD-08A6-45B4-8A41-E47DAF8716FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580:*:*:*:*:*:*", matchCriteriaId: "595F8E5F-068B-4526-A76F-D40EADC56135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590:*:*:*:*:*:*", matchCriteriaId: "C8608BDC-21B0-4C4C-9C1E-540FDCA13671", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591:*:*:*:*:*:*", matchCriteriaId: "3AA24300-1217-4DFA-8247-CF1B83B47C1E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592:*:*:*:*:*:*", matchCriteriaId: "AE175D32-95D7-451F-88C0-492B4C827CA2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*", matchCriteriaId: "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*", matchCriteriaId: "DAD07524-564F-4559-9F6D-EB8961380A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*", matchCriteriaId: "76480E2A-FD99-4902-99D3-847136451618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*", matchCriteriaId: "D117C2AE-B396-46AD-9421-23750F9D6CDE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*", matchCriteriaId: "6B9F5FCF-BECA-424C-86C8-4769797AEB3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*", matchCriteriaId: "6A014DF4-0353-4117-927B-C7950D92EEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*", matchCriteriaId: "EC6163AF-1A41-4372-8D9B-985BB338B9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*", matchCriteriaId: "2387D138-C8F5-4DC1-A51E-629F9D96F4ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*", matchCriteriaId: "0504B6B8-AFA0-418E-AA86-057F4FD01466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*", matchCriteriaId: "78CA1BE6-6ACF-42B4-B603-9764A8B81555", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*", matchCriteriaId: "69866794-C599-49F7-8071-789DA3308AF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*", matchCriteriaId: "850DCAC9-D98E-40C1-A748-88E257F09388", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "4523A4D2-1E40-4A14-81D7-820A2C81C90F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*", matchCriteriaId: "F4C03D7C-0EEC-4C66-8705-F69909483048", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*", matchCriteriaId: "9431C11F-E153-4298-8A1B-2CDF677A1428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*", matchCriteriaId: "557B4FD6-B1BD-47B4-87B8-7096B99695B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*", matchCriteriaId: "BE2EF829-DA42-4C87-AB14-B03BD0AFB177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*", matchCriteriaId: "C74D8FDF-04B3-4B03-9110-27683E2329FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*", matchCriteriaId: "5C376A34-DC80-4080-9B53-37D954B6F00F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*", matchCriteriaId: "4613CD78-8A7D-4382-9975-1BE698E6C2CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*", matchCriteriaId: "9F32937B-9B1D-495F-812A-BEBAF3C67540", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*", matchCriteriaId: "5683B22F-54D1-4C53-8378-3500ADB4AD2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "08147E4E-6064-44D6-AF7C-1EB584A7CD60", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*", matchCriteriaId: "E0B110D0-A1BF-486B-A5C4-5927877C1258", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*", matchCriteriaId: "1C52392E-72C9-4F74-AECE-B20C0259E37D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*", matchCriteriaId: "38A4BE4A-B607-483E-AE79-8FF17BEF60B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*", matchCriteriaId: "3B2ABFA6-4506-42F8-B458-9EB83C8312DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*", matchCriteriaId: "B19B98B7-85D3-4D44-9853-1CD69586BF30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*", matchCriteriaId: "2EFDF89F-54BE-4D72-B95D-12127D8B35A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*", matchCriteriaId: "E4DD32D9-A0CA-4434-A8CF-121942FDF152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*", matchCriteriaId: "F86FFDB3-B19E-438E-8E5C-6D4994A29B61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*", matchCriteriaId: "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*", matchCriteriaId: "4921142A-2D9F-40BE-9640-44037667FB32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*", matchCriteriaId: "0909BEDE-D384-4719-87C7-4748E70669D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*", matchCriteriaId: "43969BCD-92A9-4181-9BE7-9A370FF0EA0E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*", matchCriteriaId: "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*", matchCriteriaId: "190837F9-E545-4576-8660-76837BFBA127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*", matchCriteriaId: "6C379810-C027-4443-BA2F-C72A0AFE9074", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*", matchCriteriaId: "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*", matchCriteriaId: "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*", matchCriteriaId: "6191E179-7D42-4D9A-AF78-B87DBC198B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*", matchCriteriaId: "01FC1A37-2AB7-4212-A93A-58021592FF67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*", matchCriteriaId: "96287289-2736-4197-B325-9D58EFDD6A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*", matchCriteriaId: "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*", matchCriteriaId: "E2437FCD-F77F-4103-914C-20C54C3E088A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*", matchCriteriaId: "45F52278-27B0-431E-8FF0-E3A5F68D513D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*", matchCriteriaId: "E231C429-0C6D-4DA6-8D89-DB888493F741", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*", matchCriteriaId: "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*", matchCriteriaId: "999D1D05-D8D7-445E-AAF7-B14769001928", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*", matchCriteriaId: "CC29D099-13A7-48F5-8A8A-6A564B972D98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*", matchCriteriaId: "AFAACD50-F964-48EB-8C71-856501FA5BF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*", matchCriteriaId: "E52DD6D8-DCB5-470E-9F77-653552A5436B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*", matchCriteriaId: "1E41D887-5E33-4D94-9C9C-7385D7D777E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*", matchCriteriaId: "352966E5-E938-4FA4-A41B-2D95C0E233ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*", matchCriteriaId: "2C234A10-9D5A-4C47-92F1-82DA80F5B310", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*", matchCriteriaId: "8E1516F7-D152-4D9C-92D3-4BD68D77475A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*", matchCriteriaId: "BDDFB075-FA1B-47B9-B2EC-80228C20F042", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*", matchCriteriaId: "9A55F076-4CED-4BFC-B87D-A2AE950F78CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*", matchCriteriaId: "50ACF821-D09A-40B9-95A6-BC8DED3460D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*", matchCriteriaId: "E0949C30-651A-4646-B215-38AE86F719F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*", matchCriteriaId: "2DA8E108-49A7-4281-A938-ED1C1E4890B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*", matchCriteriaId: "3B631D21-372B-4B68-B467-F1A5616C5325", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*", matchCriteriaId: "26BC3F05-FC81-45E4-9D23-864C9B9FF47F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*", matchCriteriaId: "1BBF87A7-2A53-418D-BB27-D55B10564894", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*", matchCriteriaId: "9343B338-953B-4E7D-9CD2-00781FFE3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*", matchCriteriaId: "9966E015-590E-4CAD-AEE9-F06E1B34A789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*", matchCriteriaId: "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*", matchCriteriaId: "04BB508C-91EA-43A3-B4AC-A7591801F387", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*", matchCriteriaId: "2B71FA9F-0FC4-4D12-B595-AC529878BC7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*", matchCriteriaId: "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*", matchCriteriaId: "0979E79B-936C-4787-8E0A-9F7F43A8A748", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*", matchCriteriaId: "673E69A8-71BA-49EC-B1AE-931736C6BF42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*", matchCriteriaId: "141FB02E-695F-484E-8FF6-C334C11F7CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*", matchCriteriaId: "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*", matchCriteriaId: "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*", matchCriteriaId: "942DC320-20A3-4CBF-BF94-390A9163FC02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*", matchCriteriaId: "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*", matchCriteriaId: "600E4C41-B1E1-468D-BA1A-489D0CE5F565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*", matchCriteriaId: "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*", matchCriteriaId: "E41D8FA9-5D9D-4102-B117-40354F847403", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*", matchCriteriaId: "8E620B19-0286-4723-91C4-848B6C453509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*", matchCriteriaId: "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*", matchCriteriaId: "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*", matchCriteriaId: "E7A0FC78-73CE-48CE-BD68-74C095F5B052", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*", matchCriteriaId: "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*", matchCriteriaId: "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*", matchCriteriaId: "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*", matchCriteriaId: "BF029B3F-93BE-44D3-B8E8-65F18A4F6632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*", matchCriteriaId: "C054330B-8344-437B-893F-AD844BCA3CE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*", matchCriteriaId: "CA7A820D-17C3-4F20-B4C4-9068F9594786", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*", matchCriteriaId: "DEA0897C-62CE-401A-B940-4CA47A0BDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*", matchCriteriaId: "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*", matchCriteriaId: "269B1711-8110-4177-8CF2-AD9F1D9E20AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*", matchCriteriaId: "39DFD696-3A7F-4003-9F87-458891B787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*", matchCriteriaId: "C15E39AA-79CE-48A7-9629-AC75EC444B6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*", matchCriteriaId: "2592E246-7208-4CC5-8004-D2AEAB45380C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*", matchCriteriaId: "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*", matchCriteriaId: "41EB109A-9CF3-498C-93B2-07A31D3CB09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.", }, { lang: "es", value: "Zoho ManageEngine OpManager 5.7 antes de la build 5702 tiene Cross-Site Scripting (XSS) mediante la característica de búsqueda de empleados.", }, ], id: "CVE-2018-20485", lastModified: "2024-11-21T04:01:34.803", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-26T18:29:00.577", references: [ { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/release-notes.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-02-17 18:00
Modified
2024-11-21 01:18
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "40A75087-E063-4DDE-8C0A-296A2F3A29FD", versionEndIncluding: "4.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.", }, { lang: "es", value: "Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en EmployeeSearch.cc en el Employee Search Engine en ZOHO ManageEngine ADSelfService Plus anterior a v4.5 Build 4500 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro searchString en la acción (1) showList o (2) Search.", }, ], id: "CVE-2010-3274", lastModified: "2024-11-21T01:18:25.000", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-02-17T18:00:03.073", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/43241", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/8089", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.osvdb.org/70871", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.osvdb.org/70872", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/46331", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/43241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/8089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.osvdb.org/70871", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.osvdb.org/70872", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/516396/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/46331", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2011/0392", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-09 14:15
Modified
2024-11-21 06:08
Severity ?
Summary
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Report" as CSV file. Note: The vendor disputes this vulnerability, claiming "This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports \"User Attempts Audit Report\" as CSV file. Note: The vendor disputes this vulnerability, claiming \"This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side.", }, { lang: "es", value: "** EN DISPUTA ** Una vulnerabilidad de inyección CSV en el panel de inicio de sesión de ManageEngine ADSelfService Plus Versión: 6.1 Build No: 6101, puede ser explotada por un usuario no autenticado. El parámetro j_username parece ser vulnerable y se podría obtener un shell inverso si un usuario con privilegios exporta \"User Attempts Audit Report\" como archivo CSV. Nota: El proveedor disputa esta vulnerabilidad, afirmando que \"Esta no es una vulnerabilidad válida en nuestro producto ADSSP. No vemos esto como un problema de seguridad por nuestra parte\".", }, ], id: "CVE-2021-33256", lastModified: "2024-11-21T06:08:34.177", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-09T14:15:31.280", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1236", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-15 21:15
Modified
2025-02-13 18:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "725AEAF1-8E3C-4D33-B65D-C8304506A131", versionEndExcluding: "5.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_appcreator:*:*:*:*:*:*:*:*", matchCriteriaId: "8A753D74-F09F-4C42-A7C2-4D3A280FCACC", versionEndExcluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "2AEDFE0E-9C9A-4DF6-9918-B5BD4DC67624", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "21C65599-8166-4066-BF0F-5C3CC55F544A", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "C6CB1749-097D-4F9F-94DB-F35E72A42034", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*", matchCriteriaId: "06579974-7085-42B3-9F9F-A733A1CA37D9", versionEndExcluding: "11.2.2322.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_endpoint_central_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "F551AC16-6CBA-4460-A05D-D083967BDF07", versionEndExcluding: "11.2.2322.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "DFE96B83-9684-4955-81C5-AD5B5BC817DF", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "0FC58FEB-B8E4-4B1C-AE55-F4577D7BF505", versionEndExcluding: "10.1.2204.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:10.1.2207.4:*:*:*:*:*:*:*", matchCriteriaId: "A5B65D12-7DAE-4815-993C-7C5903E990DD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*", matchCriteriaId: "7C070B9E-FE09-4CFE-B489-DC9CED210CF1", versionEndExcluding: "1.2.2331.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "6B9C6675-2DDB-4FD6-8FA6-B3EE56F87F69", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "FA4B79F8-4D04-4EA4-8754-355DB6CA71B8", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management:*:*:*:*:*:*:*:*", matchCriteriaId: "DAA39630-6CE1-46E3-AF49-67DB09308C5D", versionEndExcluding: "10.2.11", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A4D89B41-A239-4329-9BEA-6D52EE8644D8", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "2CD7707C-0FE5-475D-8FB2-CDB19363421A", versionEndExcluding: "6.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6300:*:*:*:*:*:*", matchCriteriaId: "F0C93DB0-3029-4D49-B180-6EFAEC4B712B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6301:*:*:*:*:*:*", matchCriteriaId: "F69BFD56-BA90-426C-9EF1-4BD925657BDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6302:*:*:*:*:*:*", matchCriteriaId: "1171C259-086C-42CA-BE56-5B410677F72C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6303:*:*:*:*:*:*", matchCriteriaId: "827B0C20-903F-48A5-8918-81F39202C21F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A", versionEndExcluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*", matchCriteriaId: "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*", matchCriteriaId: "72C14C6D-5C72-4A39-A8FF-93CD89C831C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*", matchCriteriaId: "D47DA377-0AF4-453E-9605-A5F87FA14E61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:*", matchCriteriaId: "BC919233-CE66-416C-8649-B94A23F131F5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "E802FD77-E67A-438C-82CE-9FC7536FB14E", versionEndExcluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*", matchCriteriaId: "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*", matchCriteriaId: "237AA2F5-B9A3-4C40-92AC-61FE47A017BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*", matchCriteriaId: "4C23A64C-65CB-447B-9B5F-4BB22F68FC79", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203:*:*:*:*:*:*", matchCriteriaId: "3489D84B-5960-4FA7-A2DD-88AE35C34CE6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210:*:*:*:*:*:*", matchCriteriaId: "D86AB1CC-0FDE-4CC1-BF64-E0C61EAF652F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211:*:*:*:*:*:*", matchCriteriaId: "076FDAE7-9DB2-4A04-B09E-E53858D208C7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212:*:*:*:*:*:*", matchCriteriaId: "07C08B57-FA76-4E24-BC10-B837597BC7E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213:*:*:*:*:*:*", matchCriteriaId: "0D734ACB-33E8-4315-8A79-2B97CE1D0509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215:*:*:*:*:*:*", matchCriteriaId: "9314CA98-7A69-4D2B-9928-40F55888C9FF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7220:*:*:*:*:*:*", matchCriteriaId: "BCE7999C-D6AE-4406-A563-A520A171381D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7250:*:*:*:*:*:*", matchCriteriaId: "D5716895-4553-4613-B774-0964D3E88AA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F", versionEndExcluding: "4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*", matchCriteriaId: "BFD452AD-7053-4C13-97DA-326C3DC6E26C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*", matchCriteriaId: "0B87956F-9C45-4A65-BEB2-77A247BD7A39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*", matchCriteriaId: "17BE6347-1605-47DB-8CFE-B587E3AB4223", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*", matchCriteriaId: "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*", matchCriteriaId: "E6A7C5C6-0137-4279-A7EA-3439BE477A3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*", matchCriteriaId: "C921F1B2-69B4-448F-AC7C-2F4474507FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*", matchCriteriaId: "91DB9017-1BCF-48DB-97AE-4214150BAE77", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*", matchCriteriaId: "D066B999-8554-49F0-92C3-1A4DDEA6E32D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*", matchCriteriaId: "635F80E1-4A73-48DC-A128-D61716D70839", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*", matchCriteriaId: "E74FE1C4-471A-4040-96A4-0BE46745199B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*", matchCriteriaId: "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*", matchCriteriaId: "99C928C2-4711-4765-BDF2-E7FB448F5771", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*", matchCriteriaId: "EDF77387-21C7-45CA-B843-EBA956EE2BB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*", matchCriteriaId: "5C2C0067-538B-4102-8B4E-603BD4CE8F86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*", matchCriteriaId: "DAF47C10-AAE9-40CF-A033-44D54A81E69F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*", matchCriteriaId: "36D0331C-58EA-4B68-88C4-7A193BE5C62E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*", matchCriteriaId: "3CA59781-E48C-487E-B3AF-96560F3152EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*", matchCriteriaId: "E4812B9E-15CA-4700-9115-EAE0A97F0E3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*", matchCriteriaId: "CE513A2B-0371-4D3C-A502-CDA3DB474F3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*", matchCriteriaId: "5E498ACE-8332-4824-9AFE-73975D0AC9EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*", matchCriteriaId: "F070B928-CF57-4502-BE26-AD3F13A6ED4B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*", matchCriteriaId: "635D24F2-9C60-4E1A-BD5F-E5312FA953A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*", matchCriteriaId: "5E983854-36F8-407F-95C8-E386E0F82366", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*", matchCriteriaId: "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*", matchCriteriaId: "7820751F-E181-4BB7-8DAF-BF21129B24D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*", matchCriteriaId: "14ADB666-EEB9-4C6D-93F4-5A45EBA55705", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*", matchCriteriaId: "93C4B398-8F9A-44AC-8E43-C4C471DE9565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*", matchCriteriaId: "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*", matchCriteriaId: "C7EF76FE-3FD9-4548-A372-22E280484ECB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4162:*:*:*:*:*:*", matchCriteriaId: "0F95BCBE-399F-4CCC-A17B-C0C3A03A99AB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "C12C9470-3D3B-426E-93F9-79D8B9B25F69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "227F1242-E0A9-45C5-9198-FD8D01F68ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "2FE57085-2085-4F62-9900-7B8DFC558418", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6120:*:*:*:*:*:*", matchCriteriaId: "CAB7FA92-DC12-4E8A-91CC-3C98ED74E47B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6121:*:*:*:*:*:*", matchCriteriaId: "D04530C2-E4D0-4717-95DB-B7C224348502", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6125:*:*:*:*:*:*", matchCriteriaId: "9BBD018F-C1FD-4A0F-A145-253D86185F6E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9", versionEndExcluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "E913F3D6-9F94-4130-94FF-37F4D81BAEF4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "34D23B58-2BB8-40EE-952C-1595988335CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "322920C4-4487-4E44-9C40-2959F478A4FA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*", matchCriteriaId: "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "014DB85C-DB28-4EBB-971A-6F8F964CE6FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*", matchCriteriaId: "5E9B0013-ABF8-4616-BC92-15DF9F5CB359", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*", matchCriteriaId: "5B744F32-FD43-47B8-875C-6777177677CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*", matchCriteriaId: "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*", matchCriteriaId: "D3012C17-87F5-4FFD-B67B-BEFF2A390613", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*", matchCriteriaId: "1E33D368-2D81-4C7E-9405-7C0A86E97217", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*", matchCriteriaId: "7AA9384F-6401-4495-B558-23E5A7A7528C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*", matchCriteriaId: "E492F955-0734-4AE4-A59F-572ADF0CFE75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*", matchCriteriaId: "11B71FFC-FD2E-4F84-BB1E-55BCA5B51099", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A9BB59DF-8786-4DC0-9254-F88417CA7077", versionEndExcluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*", matchCriteriaId: "6BA1E99E-789C-4FDD-AA89-4C5391B95320", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*", matchCriteriaId: "7EA6EC34-6702-4D1A-8C63-5026416E01A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*", matchCriteriaId: "0720F912-A070-43E9-BD23-4FAD00026DCF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*", matchCriteriaId: "161C81D2-7281-4F89-9944-1B468B06C264", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*", matchCriteriaId: "718EEA01-B792-4B7E-946F-863F846E8132", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*", matchCriteriaId: "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*", matchCriteriaId: "47BBC46A-16C7-4E9B-A49A-8101F3039D0C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*", matchCriteriaId: "D989FB08-624D-406B-8F53-A387900940F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*", matchCriteriaId: "8ADB6CFE-1915-488C-93FE-96E8DF3655F6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*", matchCriteriaId: "EDCCB442-D0E4-47C7-A558-36657A70B3CF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*", matchCriteriaId: "8794F807-1D50-44D4-8969-FD68EFF2F643", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*", matchCriteriaId: "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*", matchCriteriaId: "6976DCDA-E27A-4367-8EFE-74DC6F63018F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*", matchCriteriaId: "101908A5-CAEF-44F8-A6C8-FE01CA9FA836", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*", matchCriteriaId: "F957BE56-474A-4593-8710-F86DB13C7407", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*", matchCriteriaId: "B8479442-1A4A-4F27-9778-664C7693C815", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*", matchCriteriaId: "EEF00ADC-105F-4B7E-857B-17565D67C7D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*", matchCriteriaId: "CA292949-6E99-49A5-94F7-23448494F5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*", matchCriteriaId: "863CBE20-60A5-4A08-BF16-4E40E88B9AB1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*", matchCriteriaId: "28A105B4-7BF0-4054-AAE7-8453E13E2B63", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*", matchCriteriaId: "94C78301-44B7-45B2-836E-15E45FAC8625", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*", matchCriteriaId: "F408067C-13C1-40BE-8488-9EB7FF0EDF9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*", matchCriteriaId: "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4531:*:*:*:*:*:*", matchCriteriaId: "DC06E46F-441E-445B-A780-702B170901DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4532:*:*:*:*:*:*", matchCriteriaId: "A8A98287-DB5D-44A3-B835-54BACFC12944", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4533:*:*:*:*:*:*", matchCriteriaId: "53F32DE7-F211-4BEF-99C1-CE38EFDBCCC2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4535:*:*:*:*:*:*", matchCriteriaId: "91C3EE55-B71B-432C-A68E-BB126A715375", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4536:*:*:*:*:*:*", matchCriteriaId: "FD48F21A-2D38-4EB8-B190-58CF176C1EEF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4537:*:*:*:*:*:*", matchCriteriaId: "76346162-0BF0-4B21-82D2-2548A989396A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4538:*:*:*:*:*:*", matchCriteriaId: "5313C4EF-A960-4BCA-AA97-EDC88402A175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "E4282B6D-6C85-4F13-B789-E641FB5986FE", versionEndExcluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*", matchCriteriaId: "A160274C-F07A-43D9-A4DB-8773F004B9B0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*", matchCriteriaId: "341DF953-3DC7-476E-A79D-8CBD011C52A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*", matchCriteriaId: "AB6582AC-03DB-4905-BD03-EEDC314EB289", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*", matchCriteriaId: "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*", matchCriteriaId: "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*", matchCriteriaId: "1592B321-1D60-418D-9CD8-61AEA57D8D90", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*", matchCriteriaId: "E582FA9F-A043-4193-961D-A49159F1C921", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*", matchCriteriaId: "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*", matchCriteriaId: "28EAB920-2F01-483E-9492-97DBFBD7535F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*", matchCriteriaId: "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*", matchCriteriaId: "37976BE2-4233-46F7-B6BB-EFA778442AFE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*", matchCriteriaId: "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*", matchCriteriaId: "C069FF04-4061-4560-BA55-1784312047A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*", matchCriteriaId: "0D428FA6-08BA-4F7E-B1C7-4AFD17919899", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*", matchCriteriaId: "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*", matchCriteriaId: "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*", matchCriteriaId: "EF9477F5-C6FD-4589-917B-FD206371DB33", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*", matchCriteriaId: "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*", matchCriteriaId: "8CB27467-3157-466A-B01C-461348BD95C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*", matchCriteriaId: "2D575B4D-D58A-4B92-9723-4AB54E29924A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*", matchCriteriaId: "E76BB070-9BC9-4712-B021-156871C3B06A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*", matchCriteriaId: "52D35850-9BE1-479A-B0AF-339E42BCA708", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*", matchCriteriaId: "681A77B6-7E22-4132-803B-A0AD117CE7C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4531:*:*:*:*:*:*", matchCriteriaId: "EF72A1BF-EE5D-4F43-B463-7E51285D4D5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4532:*:*:*:*:*:*", matchCriteriaId: "2FDD429A-E938-483A-BCCF-50A2AD4096CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4533:*:*:*:*:*:*", matchCriteriaId: "162D604A-7F0E-44CF-9E48-D8B54F8F3509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4535:*:*:*:*:*:*", matchCriteriaId: "AD38FA0F-B94F-4731-A652-07702EE0B808", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4536:*:*:*:*:*:*", matchCriteriaId: "F2C3767E-A56B-4580-AF8C-9BF5852EE414", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4537:*:*:*:*:*:*", matchCriteriaId: "5434E8CB-8DD0-4245-AF61-CF3A69BD0C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4538:*:*:*:*:*:*", matchCriteriaId: "C2403DA1-FBF8-495E-B996-4060F6BE6EE9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "30C9A012-AD39-45B2-BA3F-8D7180FC5390", versionEndExcluding: "4.4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*", matchCriteriaId: "7C5E7CE6-F85E-49B2-9078-F661AA3723C4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*", matchCriteriaId: "1194B4C2-FBF2-4015-B666-235897971DD0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*", matchCriteriaId: "4F5F0CA5-CEC3-4342-A7D1-3616C482B965", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4403:*:*:*:*:*:*", matchCriteriaId: "B7B8A2F3-5F46-40B2-A4E7-118341443C53", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4404:*:*:*:*:*:*", matchCriteriaId: "767BF16D-8CD8-4E8A-9A3B-CB11EB48FB9D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "658DC76D-E0FE-40FA-B966-6DA6ED531FCD", versionEndExcluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*", matchCriteriaId: "948993BE-7B9E-4CCB-A97F-28B46DFE52A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*", matchCriteriaId: "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*", matchCriteriaId: "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*", matchCriteriaId: "4C8B3F77-7886-4F80-B75A-59063C762307", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*", matchCriteriaId: "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*", matchCriteriaId: "A708628C-31E8-4A52-AEF7-297E2DDFA0C8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*", matchCriteriaId: "A8A01385-A493-42C0-ABBE-6A30C8594F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*", matchCriteriaId: "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*", matchCriteriaId: "B6865936-A773-4353-8891-8269508B2180", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*", matchCriteriaId: "9CAD778E-8FDB-4CE2-A593-75EEA75F6361", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*", matchCriteriaId: "52A9BA64-A248-4490-BDA7-671D64C0B3CA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*", matchCriteriaId: "DFF0A7E8-888B-4CBE-B799-16557244DDF3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*", matchCriteriaId: "8B480202-7632-4CFA-A485-DDFF1D1DB757", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*", matchCriteriaId: "AB9B0721-49FD-49E7-97E4-E4E3EBF64856", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*", matchCriteriaId: "874F5DDD-EA8D-4C1E-824A-321C52959649", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*", matchCriteriaId: "8CAA4713-DA95-46AC-AFA5-9D22F8819B06", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*", matchCriteriaId: "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*", matchCriteriaId: "832AAAAF-5C34-4DDF-96A4-080002F9BC6A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*", matchCriteriaId: "29ED63C4-FB06-41AC-ABCD-63B3233658A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*", matchCriteriaId: "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*", matchCriteriaId: "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*", matchCriteriaId: "51400F37-6310-44A3-A683-068DF64D20F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*", matchCriteriaId: "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*", matchCriteriaId: "78CB8751-856A-41AC-904A-70FA1E15A946", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*", matchCriteriaId: "72B7E27E-1443-46DC-8389-FBD337E612F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*", matchCriteriaId: "F9BB1077-C1F5-4368-9930-8E7424E7EB98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*", matchCriteriaId: "EE307CE4-574D-4FF7-BED6-5BBECF886578", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6062:*:*:*:*:*:*", matchCriteriaId: "49E40C74-7077-4366-82A7-52B454725B3A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6070:*:*:*:*:*:*", matchCriteriaId: "038D7936-C837-4E49-89BC-D11DF2C875D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6071:*:*:*:*:*:*", matchCriteriaId: "D1DC87E8-3053-4823-BFDB-46BAF3FCEFF8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6072:*:*:*:*:*:*", matchCriteriaId: "E384B5D8-CF9A-4C6D-AB4A-5B1A66768ADB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:*:*:*:*:*:*:*:*", matchCriteriaId: "DC606E6A-3523-41D5-94C9-A62E8630A687", versionEndExcluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*", matchCriteriaId: "7001A0A7-159C-48A3-9800-DAFBA31D05BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*", matchCriteriaId: "583B46D4-529F-404F-9CF3-4D7526889682", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*", matchCriteriaId: "0D89C2A2-CE20-4954-8821-C73F9E3EC767", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*", matchCriteriaId: "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*", matchCriteriaId: "233874F0-A19F-447C-ACE2-5DD06829C920", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*", matchCriteriaId: "C4447E47-C6DB-440D-AF35-8130687E9BB2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*", matchCriteriaId: "405ECB05-7E35-4927-A19A-92A4B7FE8B1A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*", matchCriteriaId: "9F1EC2A5-7498-40F9-91A4-B004AEA1136C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*", matchCriteriaId: "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*", matchCriteriaId: "DD3B14B6-8329-43C4-AE42-13279E77275E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*", matchCriteriaId: "7792B448-4D34-42F8-919C-344783D625E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*", matchCriteriaId: "E297C040-0523-4A50-97AB-349880D5B3A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*", matchCriteriaId: "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*", matchCriteriaId: "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*", matchCriteriaId: "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*", matchCriteriaId: "6E0C9493-EB87-4197-AF8B-BCA25488BCDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*", matchCriteriaId: "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*", matchCriteriaId: "FBD7855F-4B66-4F43-960C-73E69C52E865", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*", matchCriteriaId: "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*", matchCriteriaId: "36A68C2E-978A-4F82-AC61-E9E7CA9908A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4046:*:*:*:*:*:*", matchCriteriaId: "6C8D7EA7-7CC3-48B0-B966-71A69FDE6A7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4047:*:*:*:*:*:*", matchCriteriaId: "05D804B6-5990-42A7-A072-8F904A5262E6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4048:*:*:*:*:*:*", matchCriteriaId: "0C720653-317E-4B1C-AFA8-90FAE97430C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90001:*:*:*:*:*:*", matchCriteriaId: "A9C350FA-E483-4C06-A784-5679ED0471BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90063:*:*:*:*:*:*", matchCriteriaId: "15A47AA7-8B49-41EC-AB57-5706989DF756", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90064:*:*:*:*:*:*", matchCriteriaId: "D1CCB7C8-86B9-4DA8-93D0-F96B81C82F32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90065:*:*:*:*:*:*", matchCriteriaId: "397140D3-2424-42D9-9900-625EC4E95D22", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90066:*:*:*:*:*:*", matchCriteriaId: "BA8C9A27-572E-407F-826A-1206394044D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90067:*:*:*:*:*:*", matchCriteriaId: "7601CC24-FC2D-4805-A975-2D307DECDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90068:*:*:*:*:*:*", matchCriteriaId: "A513B136-7DC5-48DD-BDCB-1620A14849B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90069:*:*:*:*:*:*", matchCriteriaId: "0858CFDE-7D76-4A63-BE21-A73310AD17BD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90070:*:*:*:*:*:*", matchCriteriaId: "1BD8F9F8-89EB-422E-A4B1-E715AFD72341", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90071:*:*:*:*:*:*", matchCriteriaId: "E0271D12-94E8-4345-9666-4A47A5AAB824", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90072:*:*:*:*:*:*", matchCriteriaId: "513337E6-D805-461B-812F-D6EEA0921883", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90073:*:*:*:*:*:*", matchCriteriaId: "8EB5C610-33AC-486C-AF48-4A889D429420", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90074:*:*:*:*:*:*", matchCriteriaId: "81FC1ED5-99FF-4C30-BCE0-5CDC7A5E4C03", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90075:*:*:*:*:*:*", matchCriteriaId: "EA473C80-4100-4170-9601-8C9EEB5F64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90076:*:*:*:*:*:*", matchCriteriaId: "5D2C41A7-1602-43CD-9E6D-A0178931C020", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90077:*:*:*:*:*:*", matchCriteriaId: "238E3508-0230-441E-8114-6EEB79E22632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90078:*:*:*:*:*:*", matchCriteriaId: "2C85C7DB-BC46-4D0A-8353-C2DB51BFFD85", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90079:*:*:*:*:*:*", matchCriteriaId: "0BAAFCD6-5945-46BE-9380-5C2F79060B8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90080:*:*:*:*:*:*", matchCriteriaId: "B6E108C0-075A-493D-B8AE-343D81BEC9C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90081:*:*:*:*:*:*", matchCriteriaId: "CA614153-4E29-45AB-BBC2-9BA0CDAD4B8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90082:*:*:*:*:*:*", matchCriteriaId: "F95B1920-005C-494C-A9A9-C72502E45723", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90083:*:*:*:*:*:*", matchCriteriaId: "DA3C51B7-B8A0-42F4-ADC9-C949B610EE2E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90084:*:*:*:*:*:*", matchCriteriaId: "180D4816-E5D0-406B-B289-4B1984250B50", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90085:*:*:*:*:*:*", matchCriteriaId: "57883D51-1188-4C14-B2EF-26FD4B156526", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90086:*:*:*:*:*:*", matchCriteriaId: "D5A59B7E-74CF-425F-B814-313D5F1F7670", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90087:*:*:*:*:*:*", matchCriteriaId: "327F6B11-9176-4791-96D0-FAD8EBE9D5E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90088:*:*:*:*:*:*", matchCriteriaId: "5E057023-0175-4DB5-98A4-942FB81AF59A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90089:*:*:*:*:*:*", matchCriteriaId: "28E12A60-CEB6-46BD-A4E8-48651A651E5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90090:*:*:*:*:*:*", matchCriteriaId: "25FA111C-01EA-49CA-BF67-A8C8C9A6E415", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90091:*:*:*:*:*:*", matchCriteriaId: "855DD295-DB63-4AF1-8C5A-0904BF049658", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90092:*:*:*:*:*:*", matchCriteriaId: "CDFE095C-C659-44BE-9740-C8B712165912", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90093:*:*:*:*:*:*", matchCriteriaId: "FFB28D66-83BF-4685-9015-0B30021C59C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90094:*:*:*:*:*:*", matchCriteriaId: "9B82AA92-96B6-4841-BAC0-AA1487CBEB7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90095:*:*:*:*:*:*", matchCriteriaId: "81A65567-42E6-416B-8FB0-2571FDF60207", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90096:*:*:*:*:*:*", matchCriteriaId: "2193F4C6-5679-487B-82B8-C55A874ED5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90097:*:*:*:*:*:*", matchCriteriaId: "124CB5EC-44C1-4136-B495-053F2299E59C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90098:*:*:*:*:*:*", matchCriteriaId: "A183735E-12AF-4692-A228-FE3B1169ABBC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90099:*:*:*:*:*:*", matchCriteriaId: "3C1C57BB-73A7-4B48-B99C-A18E1CE55553", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90100:*:*:*:*:*:*", matchCriteriaId: "020F4E45-45D2-4F1A-BAF8-8C61F45F5770", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90101:*:*:*:*:*:*", matchCriteriaId: "039F68D9-A36A-44BE-A457-790ECCB20FD5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90102:*:*:*:*:*:*", matchCriteriaId: "23BDB028-FCCE-4A9D-887B-6A6F8166CFCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90103:*:*:*:*:*:*", matchCriteriaId: "5210BAA8-2ECC-49AA-8408-815433DC28D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90104:*:*:*:*:*:*", matchCriteriaId: "C8DC19CC-3F95-4753-8037-FB627D1D6167", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90105:*:*:*:*:*:*", matchCriteriaId: "93F07AFE-4E9A-4001-A17A-606A7B5E83F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90106:*:*:*:*:*:*", matchCriteriaId: "06B25C38-DE86-4F3E-918E-BC70FCC0054B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90107:*:*:*:*:*:*", matchCriteriaId: "E3F2E0E6-01D2-418D-872E-B117259E990F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90108:*:*:*:*:*:*", matchCriteriaId: "41D80E46-35FE-45E5-96D6-28691C0847DA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90109:*:*:*:*:*:*", matchCriteriaId: "4D7768DA-1111-4557-A0D6-D3A74AC7FA54", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90110:*:*:*:*:*:*", matchCriteriaId: "B3001463-3729-4216-B420-602A11C74244", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90111:*:*:*:*:*:*", matchCriteriaId: "9A68EC19-3A57-41C4-90FA-CB1BF20EB8DA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90112:*:*:*:*:*:*", matchCriteriaId: "193913B2-25D1-4779-B7E6-ACC5992AFC97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90113:*:*:*:*:*:*", matchCriteriaId: "E7AA77AA-E00E-4125-A698-12B30434F632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90114:*:*:*:*:*:*", matchCriteriaId: "229FBCFC-2810-44D1-9687-A7C060F6F9D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90115:*:*:*:*:*:*", matchCriteriaId: "99C3BBC2-F1D3-4873-A8FB-1B79A2163F74", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90116:*:*:*:*:*:*", matchCriteriaId: "4A06EF86-915C-4D09-965B-3A9D4DFC96B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90117:*:*:*:*:*:*", matchCriteriaId: "3D67F80D-E999-4E46-8386-8122DC17DBCC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90118:*:*:*:*:*:*", matchCriteriaId: "2593B38A-1281-41C9-B065-E6EFDF6BD71C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90119:*:*:*:*:*:*", matchCriteriaId: "B61541E8-5818-475B-9E54-C45C71C14A9E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90120:*:*:*:*:*:*", matchCriteriaId: "84DE1BA0-8C36-44DF-91A0-96EA6EF736D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90121:*:*:*:*:*:*", matchCriteriaId: "BB2F2DEA-5E03-442E-A46B-B6C218BF3273", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90122:*:*:*:*:*:*", matchCriteriaId: "CCEFA415-47D7-4DA2-B541-DD0B67AF30A7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90123:*:*:*:*:*:*", matchCriteriaId: "B147B06A-969E-4541-A863-DF4045D39527", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:*:*:*:*:*:*:*:*", matchCriteriaId: "B20C46B3-C23E-42AF-BA81-117B8541171B", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90012:*:*:*:*:*:*", matchCriteriaId: "A897E8C8-6058-4BEC-BF00-3E8614238E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90013:*:*:*:*:*:*", matchCriteriaId: "8B39A3B3-5B9E-4B31-9CE2-3625EA9C9AD6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90014:*:*:*:*:*:*", matchCriteriaId: "FBF5AF44-E30B-4948-B0E2-42EE062DC3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90015:*:*:*:*:*:*", matchCriteriaId: "356F078A-9887-423A-8BA7-74201DE109F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90016:*:*:*:*:*:*", matchCriteriaId: "9B8887A3-14C6-4DFB-9EBF-35966B4E6158", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90017:*:*:*:*:*:*", matchCriteriaId: "3A0FE6B3-E037-45F4-A907-51CD99E7B8DD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90018:*:*:*:*:*:*", matchCriteriaId: "250CFA85-89C5-4F75-AF0F-BEA9C816E54E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90019:*:*:*:*:*:*", matchCriteriaId: "85B8B8F4-951D-446C-A8F8-EEBDC385D83E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90020:*:*:*:*:*:*", matchCriteriaId: "288C8246-7367-4D10-A0D4-5426B7EA17A7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90021:*:*:*:*:*:*", matchCriteriaId: "59326535-A08E-4588-BAB8-9DF094FB61F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90022:*:*:*:*:*:*", matchCriteriaId: "077B9DBD-190C-4F20-BD3A-64D6887B7930", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90030:*:*:*:*:*:*", matchCriteriaId: "0587320F-C57E-41F7-B31F-1EA52ED234B2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90031:*:*:*:*:*:*", matchCriteriaId: "0911BEEC-A6E4-440C-8217-A7FAAC1D3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90032:*:*:*:*:*:*", matchCriteriaId: "A9D9805F-4F6B-4A15-A444-3B6538BCDDB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90033:*:*:*:*:*:*", matchCriteriaId: "48901205-BDE9-4CBA-9E3B-779D949CBF58", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90034:*:*:*:*:*:*", matchCriteriaId: "69539391-6C6A-498A-B952-D4F12C2FEC4D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90035:*:*:*:*:*:*", matchCriteriaId: "4A36B8AA-987B-4112-8B67-5BC306F9CF86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90036:*:*:*:*:*:*", matchCriteriaId: "96E9422A-CA9D-4BC8-90DB-3E3A1966E94C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90041:*:*:*:*:*:*", matchCriteriaId: "11A2E17D-3B33-4531-B78B-156BC2C7E53A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90042:*:*:*:*:*:*", matchCriteriaId: "4C34129B-5A15-4BE9-BB15-66101A5EAB65", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90043:*:*:*:*:*:*", matchCriteriaId: "DA9A87D7-0707-4321-B5D2-2B4CBC66E838", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90044:*:*:*:*:*:*", matchCriteriaId: "C2C06D73-9BEA-4604-BE73-3CE8A2DDD52A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90056:*:*:*:*:*:*", matchCriteriaId: "DAA7B941-6FE6-45CA-931D-6414DFEA9B50", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90057:*:*:*:*:*:*", matchCriteriaId: "F7EEEF6C-DD29-4E6F-BED7-AE10184C2F9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90058:*:*:*:*:*:*", matchCriteriaId: "D36AD9EC-82D0-451B-ADD4-1EEC0FDC389B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90072:*:*:*:*:*:*", matchCriteriaId: "F68164FC-9A09-4145-97B8-99EE5532E6E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90074:*:*:*:*:*:*", matchCriteriaId: "2FB5646D-11C7-4878-9471-4F6D483CE979", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90075:*:*:*:*:*:*", matchCriteriaId: "BBC0A0C3-C33E-46E9-A099-A5A66F576138", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90076:*:*:*:*:*:*", matchCriteriaId: "76584957-0388-4421-8336-75EE90D00349", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90077:*:*:*:*:*:*", matchCriteriaId: "05C542D5-7E3A-46E2-8CB6-A13159EFA4B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90078:*:*:*:*:*:*", matchCriteriaId: "7E7BF415-29D3-4BD0-8613-317D7EC7C992", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90079:*:*:*:*:*:*", matchCriteriaId: "7F046602-4595-48C8-83F5-A43FD501003F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90080:*:*:*:*:*:*", matchCriteriaId: "FC5B464F-D327-4181-A911-2E3683B914B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90081:*:*:*:*:*:*", matchCriteriaId: "025D8F22-968F-44B6-83E1-13DAB7A514A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90082:*:*:*:*:*:*", matchCriteriaId: "F9F60549-59CE-47D0-BF2A-91B84A0B1984", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90083:*:*:*:*:*:*", matchCriteriaId: "6F982139-0EDC-411C-A074-A29963DCA328", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90084:*:*:*:*:*:*", matchCriteriaId: "FBED4ED7-E991-48D0-AE27-71F9DEA5EDA8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90085:*:*:*:*:*:*", matchCriteriaId: "8C6BE721-D851-406E-9AAF-01F9A9E15ADF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90086:*:*:*:*:*:*", matchCriteriaId: "F1D6E935-53D3-462D-9DD8-91BFEC90BB2F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90087:*:*:*:*:*:*", matchCriteriaId: "E580F0AB-B840-4293-8639-4B7DD7981EAB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90088:*:*:*:*:*:*", matchCriteriaId: "2CC8FE34-A5C9-4EF7-AA05-BEE403AB3B73", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90090:*:*:*:*:*:*", matchCriteriaId: "A80444F6-755F-4FE3-96B3-744A842D40AD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*", matchCriteriaId: "0026FC79-6554-4B68-89EB-D7A8422C7406", versionEndExcluding: "12.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*", matchCriteriaId: "94F878CC-E691-41E9-A90D-72EA25038963", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*", matchCriteriaId: "6D1EA156-BD95-4AAA-B688-0CD62CCDB60A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*", matchCriteriaId: "8033E51C-D261-4A12-96CD-AE1F13BFD2AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*", matchCriteriaId: "9EE1E1E6-ED1C-443A-A576-AD47D65082B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*", matchCriteriaId: "3E283214-CE6A-4CD6-9E9B-7BF09C37447D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*", matchCriteriaId: "8FF84A5E-C43B-4637-B725-1087D2057EED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*", matchCriteriaId: "25AEF257-E1C1-4DFD-9EC0-9B2AC3920CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*", matchCriteriaId: "46E32091-F91D-4706-A4F9-DC658CF36A6D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*", matchCriteriaId: "AC7D1106-6708-4A84-A077-286376C72AB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*", matchCriteriaId: "071B3368-D7C2-4EE1-808F-1F4A3C3A4756", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*", matchCriteriaId: "4E9D5882-91D6-4E9D-AD8B-F3861D987826", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*", matchCriteriaId: "17931D40-369C-430F-B5ED-FAF69FAA0E3F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*", matchCriteriaId: "02B4D022-BC43-4041-BA2B-60A6D42AD150", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*", matchCriteriaId: "15FFD3F7-CB9F-4FB1-9F2C-CFDAE7E46FF4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*", matchCriteriaId: "5ED17849-BC14-4996-9DF9-7645B1E17374", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*", matchCriteriaId: "D91F6CC5-EDBE-420F-8871-03B8D10254B2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*", matchCriteriaId: "E82C682C-9F61-45B7-B934-8D6DDBA792AC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*", matchCriteriaId: "2FC7728B-9FFC-4A8F-BE24-926B8C2823AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*", matchCriteriaId: "78BE6CCE-706E-436B-A6E6-26E7D044B209", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*", matchCriteriaId: "8BD54A67-C531-4642-90D4-C6E402D55AC6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*", matchCriteriaId: "9DF164BD-EF39-42E2-807D-F298D68A8D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*", matchCriteriaId: "5D85766D-1BAC-4477-96D6-EA989D392128", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*", matchCriteriaId: "CE99520F-C8F3-46EA-9BBA-AAE2AB4AB8CA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*", matchCriteriaId: "16D8A8F6-8BC3-438D-BF8B-9E2B46ECBF36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*", matchCriteriaId: "F3D18E27-EE06-4555-A675-1BAC7D3DD8E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*", matchCriteriaId: "0FEFDFF7-5538-4C53-922A-A5E71A0D643E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*", matchCriteriaId: "02463016-7156-470F-8535-EF4C7E150546", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*", matchCriteriaId: "8DEB616C-2DDC-4138-B6FC-8B2680D35485", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*", matchCriteriaId: "D51E7B22-9293-4086-B143-2D279597A5CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*", matchCriteriaId: "BB4D8585-6109-45C0-94B4-667D11F0509F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*", matchCriteriaId: "97CB62BA-09FA-446D-A8CF-958980B67F13", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*", matchCriteriaId: "F871111C-4B61-4C50-ABDA-78D8D988DCD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*", matchCriteriaId: "9950CFB9-FCDE-4696-97AF-251467270375", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*", matchCriteriaId: "B674CFD8-6AE7-420A-BD7A-DD7A068CA5D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*", matchCriteriaId: "56BCA911-733C-4F8C-B3CD-22F3E6CA1F38", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*", matchCriteriaId: "A1281E75-AC6D-4077-9207-7CA7E5BCB1CF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*", matchCriteriaId: "CC052CBA-2B37-4E84-978D-36185EE1A3A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*", matchCriteriaId: "72CC7428-8DD0-45DB-8D80-C02CD9B6CB65", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*", matchCriteriaId: "0C1691B0-FA38-4A29-8D49-D99A675C122A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*", matchCriteriaId: "194ACE61-101D-40C3-9377-12039533AB45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*", matchCriteriaId: "86428D44-03BC-4528-ADB5-3AC05231759D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*", matchCriteriaId: "B694D0FC-320A-44F9-9FFB-0706CDD3004C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*", matchCriteriaId: "BE298317-10EE-4A34-B4D0-8D03B727A75B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*", matchCriteriaId: "B0A1B243-163D-461B-BEAB-81E6E2DB36EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*", matchCriteriaId: "5E86C3A0-700E-4CB2-AFDC-F203C61D413C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*", matchCriteriaId: "A550184D-13BD-4F2A-9DE5-AC66B496FFC2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*", matchCriteriaId: "538BCF38-69B6-4686-B1F1-82B10175CCBD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*", matchCriteriaId: "F29A6AE3-B864-4552-9BE9-074CB6935B07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*", matchCriteriaId: "7CD2AB8D-F638-48E0-A5D6-1E969F9998B4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*", matchCriteriaId: "76528168-A54D-4398-B558-6DC27ACCBFBF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*", matchCriteriaId: "6C1DCA3B-41B8-402B-B5E8-2C3494C36B77", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*", matchCriteriaId: "531A9E5C-9C45-4982-8ADE-5B41CE5F5B48", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*", matchCriteriaId: "FA70F031-A7EF-49F5-A1F6-C3DD33198D86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*", matchCriteriaId: "5DF093BF-830B-4C9A-A4B2-41C7811E4EFA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*", matchCriteriaId: "AB64E7D3-D835-4F46-BD81-6B59CF7EB9F6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*", matchCriteriaId: "A2176672-0E34-4B46-9202-483F1D315836", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*", matchCriteriaId: "FBD2726E-4AAA-4E7D-A8E7-89DB875E7E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*", matchCriteriaId: "94AF723B-F1B7-44A8-B654-7C10881A6AF8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125233:*:*:*:*:*:*", matchCriteriaId: "0C65E8BE-968F-4AB8-BD3F-A123C66E576A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125312:*:*:*:*:*:*", matchCriteriaId: "9A4C70B1-A902-4835-BFFC-692CA91C1317", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125323:*:*:*:*:*:*", matchCriteriaId: "06FE113C-94B6-419B-8AA0-767EA74D11ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125324:*:*:*:*:*:*", matchCriteriaId: "C30413D5-7F5B-47EE-825E-CEEF69DAC5B7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125326:*:*:*:*:*:*", matchCriteriaId: "57DA6C66-3235-4923-89D0-EF093FF4126F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125328:*:*:*:*:*:*", matchCriteriaId: "82307372-C2CF-4E19-9D1D-7D33FCCE8F5B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125329:*:*:*:*:*:*", matchCriteriaId: "A5289D80-1C75-4819-B615-8259B25B1E9E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125340:*:*:*:*:*:*", matchCriteriaId: "25CC8F8B-9072-41E3-8045-25D12EE22427", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125341:*:*:*:*:*:*", matchCriteriaId: "6000E214-BF19-469C-A7CA-CC91465B2CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125342:*:*:*:*:*:*", matchCriteriaId: "1AA9EA4B-DD82-46E7-9C44-77AC076F61CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125343:*:*:*:*:*:*", matchCriteriaId: "50E697EA-0A78-477D-B726-AC54EE868244", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125344:*:*:*:*:*:*", matchCriteriaId: "E64AAB62-43C4-4284-B2AA-1DC55B972803", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125346:*:*:*:*:*:*", matchCriteriaId: "E3A43E19-D06D-4856-AA55-02B8148EAB49", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125358:*:*:*:*:*:*", matchCriteriaId: "310C491E-92CE-4EE8-9CDE-70640DE9CAB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125359:*:*:*:*:*:*", matchCriteriaId: "A82217B5-0A11-4BE6-ACEF-991B2DFE53D6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125360:*:*:*:*:*:*", matchCriteriaId: "7C69DA1F-F0A3-4E9F-96E2-F7A4E9B876C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125361:*:*:*:*:*:*", matchCriteriaId: "033944E6-8A01-4566-81C4-2B76F10C2839", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125362:*:*:*:*:*:*", matchCriteriaId: "3D969C61-1F9A-4B97-B6DA-04F84E3E2936", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125364:*:*:*:*:*:*", matchCriteriaId: "9984754B-1FA5-4CDF-AFC3-BD97C6C6B177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125366:*:*:*:*:*:*", matchCriteriaId: "718427DB-57A7-4AB0-AA4C-7716E5A5F084", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125367:*:*:*:*:*:*", matchCriteriaId: "CD43B869-6A7F-461D-A870-448C91FB7A02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125375:*:*:*:*:*:*", matchCriteriaId: "98DD8376-4B21-4024-878D-DB74D1FF7A2E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125376:*:*:*:*:*:*", matchCriteriaId: "5E8B8FBA-39ED-4E7A-AA1C-A6C15E8C92B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125377:*:*:*:*:*:*", matchCriteriaId: "4742B198-8630-4A45-AE87-6731BF56081A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125378:*:*:*:*:*:*", matchCriteriaId: "3782ABA4-5247-4349-8CD8-BCE85B98D44E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125379:*:*:*:*:*:*", matchCriteriaId: "C39E5DB9-1B75-4204-9B24-70F6294F1F42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125380:*:*:*:*:*:*", matchCriteriaId: "F9459981-3E65-489C-9A70-B582EC9C8BC1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125381:*:*:*:*:*:*", matchCriteriaId: "BF90B539-9180-4A96-9E2F-F35DCA6DD720", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125382:*:*:*:*:*:*", matchCriteriaId: "2A6D1150-602E-4006-9F6B-10C6649AC05B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125386:*:*:*:*:*:*", matchCriteriaId: "FB168E3D-63AB-45D7-AAC1-2D01CD6956F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125392:*:*:*:*:*:*", matchCriteriaId: "B8DCEAE6-AAE6-40B0-83B2-A579A6BF9854", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125393:*:*:*:*:*:*", matchCriteriaId: "FCFEA624-968F-4A0F-969D-2190B1269EAC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125394:*:*:*:*:*:*", matchCriteriaId: "64F9D21C-AC05-4629-864F-85AFA3789739", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125397:*:*:*:*:*:*", matchCriteriaId: "07E47F97-63EC-4BF1-AE54-3B510B66202D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125398:*:*:*:*:*:*", matchCriteriaId: "160765FF-9A56-4072-9580-C6DCB573B061", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125399:*:*:*:*:*:*", matchCriteriaId: "F1EE56C3-5F42-4D2C-AEC0-035078DAE445", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125405:*:*:*:*:*:*", matchCriteriaId: "16593100-F288-4013-BF48-48CA482FC62D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125410:*:*:*:*:*:*", matchCriteriaId: "5BCA02F3-EF72-4F28-9ABB-D75EB6CE3338", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125411:*:*:*:*:*:*", matchCriteriaId: "D8052948-7F5B-4E63-B1B7-B244D6A0AC39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125413:*:*:*:*:*:*", matchCriteriaId: "B6359934-CA70-4A8A-99E5-806555900EF6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125414:*:*:*:*:*:*", matchCriteriaId: "83BAAE61-540D-4E36-8B63-2438EC3B1479", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125415:*:*:*:*:*:*", matchCriteriaId: "008A2BF2-E18B-492F-9DFF-19618F998664", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125416:*:*:*:*:*:*", matchCriteriaId: "5023E77A-908C-41AE-ADC7-580F44ADC376", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125417:*:*:*:*:*:*", matchCriteriaId: "797D16E7-484D-4793-9040-74B815DC52B7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125420:*:*:*:*:*:*", matchCriteriaId: "7D923373-B575-44C8-9B4D-DB824EC59B68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125428:*:*:*:*:*:*", matchCriteriaId: "B88917EC-3ABB-475E-B374-272CE5272D56", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125430:*:*:*:*:*:*", matchCriteriaId: "BD457A1B-023A-42CF-ADED-648A061AAAE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125431:*:*:*:*:*:*", matchCriteriaId: "9B9E22A4-676A-4D75-850F-15E5EC9A2911", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125432:*:*:*:*:*:*", matchCriteriaId: "4E6BA9C0-59DB-49E5-826E-1CA885FA28CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125433:*:*:*:*:*:*", matchCriteriaId: "95715B71-FA63-40A2-9EA6-56250318FC73", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125434:*:*:*:*:*:*", matchCriteriaId: "2591F23D-DB1F-44B0-B67A-13483408DE4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125437:*:*:*:*:*:*", matchCriteriaId: "E4F035FB-54A9-47C0-8896-174A742E23B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125446:*:*:*:*:*:*", matchCriteriaId: "34B52052-FBFC-4803-B999-448A9385B613", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125448:*:*:*:*:*:*", matchCriteriaId: "A1F97594-BF89-4B5D-B1CE-706708891450", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125450:*:*:*:*:*:*", matchCriteriaId: "A436DAC3-05F7-48DE-A2E2-0084AE31D9A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125451:*:*:*:*:*:*", matchCriteriaId: "544961BA-03CA-49D6-AB7C-CFF597B3BB8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125452:*:*:*:*:*:*", matchCriteriaId: "9CDBD0CB-8495-44A1-BF9B-29A195D9F718", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125453:*:*:*:*:*:*", matchCriteriaId: "73B5365C-92ED-41CC-9B05-8BB1FE21F3C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125455:*:*:*:*:*:*", matchCriteriaId: "B652092E-570C-4D4E-A133-627426C50F6E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125456:*:*:*:*:*:*", matchCriteriaId: "DC13FB20-119C-47F9-870D-399811661896", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125457:*:*:*:*:*:*", matchCriteriaId: "BC457292-04FE-4643-8F1D-05DAEF3F70BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125466:*:*:*:*:*:*", matchCriteriaId: "29CBDA2B-5A6A-4DB0-AC37-EAD8E05B55BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125467:*:*:*:*:*:*", matchCriteriaId: "CD266A0D-E726-4BC7-B3B9-6E3176415188", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125468:*:*:*:*:*:*", matchCriteriaId: "046B7B6F-85DE-4BDB-8860-ECA208C4D697", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125469:*:*:*:*:*:*", matchCriteriaId: "C60E51D9-A842-49FF-8793-84C074DBE5EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125470:*:*:*:*:*:*", matchCriteriaId: "753B2FC9-342B-4456-85D9-27734BE7C6FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125476:*:*:*:*:*:*", matchCriteriaId: "BE930B14-4B22-4299-8DE8-7625342FC4E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125482:*:*:*:*:*:*", matchCriteriaId: "45B93007-AD6A-4978-9752-41DF72D34A5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125483:*:*:*:*:*:*", matchCriteriaId: "863CBACB-F9A3-44AC-B795-C2C0EB5C9E3F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125485:*:*:*:*:*:*", matchCriteriaId: "AB28B644-BFD0-4588-B544-A139B26DDDE4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125486:*:*:*:*:*:*", matchCriteriaId: "944F7C2F-53D4-4933-BD63-DF15C5A5CD65", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125487:*:*:*:*:*:*", matchCriteriaId: "F6D0F0D1-7DF5-4C8D-9B31-B347E5A567DD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125488:*:*:*:*:*:*", matchCriteriaId: "870A721F-2991-4041-AB1D-DE3D953B8669", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125489:*:*:*:*:*:*", matchCriteriaId: "4F7FC0E5-8D0D-45CF-AEFA-180B79BC8B0C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125567:*:*:*:*:*:*", matchCriteriaId: "7D394493-D690-44F0-B3F0-FD39E46F31C0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125568:*:*:*:*:*:*", matchCriteriaId: "AF8CBF57-EF1A-4C84-879B-1A4035F4236A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125587:*:*:*:*:*:*", matchCriteriaId: "2F1E924E-8896-41CE-82E2-F22943A02FCE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125588:*:*:*:*:*:*", matchCriteriaId: "FB058840-E3D0-45FA-B95F-3445A7719118", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125589:*:*:*:*:*:*", matchCriteriaId: "FD9B23C4-3458-4E6C-B1AB-D4A36BE8FFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125597:*:*:*:*:*:*", matchCriteriaId: "D2A7AA89-7233-4624-894A-B2B996D1D270", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125598:*:*:*:*:*:*", matchCriteriaId: "B6B402ED-8B64-4FB0-B9E7-76E499A4115F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125599:*:*:*:*:*:*", matchCriteriaId: "4E8B01F2-0A03-48CF-8BAE-556A9C3D88FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125601:*:*:*:*:*:*", matchCriteriaId: "3C07E022-B75C-4491-8A30-9A1532D0472C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125603:*:*:*:*:*:*", matchCriteriaId: "00E92DB5-8D53-4129-92D0-AD1DA0F1FEB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125604:*:*:*:*:*:*", matchCriteriaId: "913CD99C-8F47-47BD-BD7C-33762861BB08", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125605:*:*:*:*:*:*", matchCriteriaId: "67B7F52E-7D7A-4AA9-9241-FFCC3DD49BBB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125611:*:*:*:*:*:*", matchCriteriaId: "D02650C3-1A7F-4889-B6CB-11994054B5F6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125612:*:*:*:*:*:*", matchCriteriaId: "01FEA1CA-351B-4E2B-A78E-60338682F97F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125613:*:*:*:*:*:*", matchCriteriaId: "04C9E097-FE04-42BD-96C8-2A3A9FD50B25", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125614:*:*:*:*:*:*", matchCriteriaId: "94F895DB-C865-4AED-A1D9-CE69C0EF52FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125615:*:*:*:*:*:*", matchCriteriaId: "8B565B12-283F-4323-9C88-FD3CF5646DD6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125616:*:*:*:*:*:*", matchCriteriaId: "9FDC3394-293E-44CF-A83F-FE047A4E4DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125617:*:*:*:*:*:*", matchCriteriaId: "01846F8F-D7D6-4CD9-B83E-41B70C691761", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125628:*:*:*:*:*:*", matchCriteriaId: "CAE013FC-357D-42DA-B223-D40B3C813089", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125629:*:*:*:*:*:*", matchCriteriaId: "E4BA87E9-5E37-41EE-835C-13F68ABC9C06", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125630:*:*:*:*:*:*", matchCriteriaId: "D2034E17-2DB9-4229-B7D4-D14761CEE699", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125631:*:*:*:*:*:*", matchCriteriaId: "39FBAFB9-5703-4EEA-BFF3-45B958E0805F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*", matchCriteriaId: "93A02A7E-02A8-4B74-AA9F-3DA0492748EF", versionEndExcluding: "12.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127000:*:*:*:*:*:*", matchCriteriaId: "24B04D73-0C55-49A8-B599-27C8C04948C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127001:*:*:*:*:*:*", matchCriteriaId: "97E74846-1666-4773-910D-77E0E19A7FCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127002:*:*:*:*:*:*", matchCriteriaId: "BB90B809-9D97-469F-B8F6-41B4AEAA2D3E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127003:*:*:*:*:*:*", matchCriteriaId: "423C8618-9F3B-4B83-902C-FF01027EC54A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127004:*:*:*:*:*:*", matchCriteriaId: "7E974B56-7A00-4582-AF8B-0D09B94477BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127100:*:*:*:*:*:*", matchCriteriaId: "7B6F8404-F624-41AA-BE8D-170D843EC290", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127101:*:*:*:*:*:*", matchCriteriaId: "D0FF81E5-2134-4F45-9B39-2E3D5208BB80", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127102:*:*:*:*:*:*", matchCriteriaId: "0D5DA95F-7C0F-4D05-BD35-DED356D01692", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127103:*:*:*:*:*:*", matchCriteriaId: "2B3A3EC3-DF7C-41A6-884C-C7C13D41B61E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127104:*:*:*:*:*:*", matchCriteriaId: "89EE3E31-8F55-4E44-8522-A32D6887AE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127109:*:*:*:*:*:*", matchCriteriaId: "979ED7B4-FAE3-4E98-A303-290E498FFD81", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127116:*:*:*:*:*:*", matchCriteriaId: "EDC62E2F-AB97-4008-A52B-9CDC341A06BD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127117:*:*:*:*:*:*", matchCriteriaId: "93DF7023-22AE-4A84-8734-06239013C10C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127118:*:*:*:*:*:*", matchCriteriaId: "2A128BED-75FA-42F1-9171-CBAEAA2366A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127119:*:*:*:*:*:*", matchCriteriaId: "5298BB50-8E22-490A-87C7-7F40B7F8F7C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127120:*:*:*:*:*:*", matchCriteriaId: "39C34F02-E413-4067-B958-86ADF89FA3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127122:*:*:*:*:*:*", matchCriteriaId: "A0673E69-A2DB-424C-BBF0-79D729230F1E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127123:*:*:*:*:*:*", matchCriteriaId: "4F062A20-6FFE-479B-9E64-E4771490B041", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127131:*:*:*:*:*:*", matchCriteriaId: "C598244E-7483-4762-AC27-BD8036FEFE5E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127133:*:*:*:*:*:*", matchCriteriaId: "B188A792-EF1A-4292-BD91-47635706C430", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127134:*:*:*:*:*:*", matchCriteriaId: "BEFACD7A-D81B-4EDC-9E38-FD93FA0DE456", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127136:*:*:*:*:*:*", matchCriteriaId: "DF818138-079A-43BE-A8B5-5DA47FA443AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127138:*:*:*:*:*:*", matchCriteriaId: "27066A8F-75C4-42BF-A54B-543114B92995", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127140:*:*:*:*:*:*", matchCriteriaId: "A239C6F8-3FC0-4510-B33F-14B25908E68F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127141:*:*:*:*:*:*", matchCriteriaId: "E8399E84-1344-4472-91F3-F63255911876", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127185:*:*:*:*:*:*", matchCriteriaId: "8888C77E-04A7-4C34-B497-504F6217E07B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127186:*:*:*:*:*:*", matchCriteriaId: "7502D92A-3B51-4A76-88D6-E2D76A584075", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127187:*:*:*:*:*:*", matchCriteriaId: "7E465A5F-C8B0-4AD0-8D6D-4823C5F8153D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127188:*:*:*:*:*:*", matchCriteriaId: "DBA622D6-CD85-4F0F-8CC3-39FE29754039", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127189:*:*:*:*:*:*", matchCriteriaId: "A0D2828B-B897-4F1D-B657-436DB3CAC2FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127191:*:*:*:*:*:*", matchCriteriaId: "98279B6E-8361-45CA-8912-F06972F4BD1B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127240:*:*:*:*:*:*", matchCriteriaId: "A7D879C8-E89F-45C1-9609-80B737080AFE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127241:*:*:*:*:*:*", matchCriteriaId: "3D8FD2DE-18D9-4F50-9256-672435059876", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127242:*:*:*:*:*:*", matchCriteriaId: "F01FEA58-BE5B-4CEC-831D-3BF05A20688D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*", matchCriteriaId: "039C6DE6-DEA2-42E9-AE55-322E8E6B048C", versionEndExcluding: "12.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125000:*:*:*:*:*:*", matchCriteriaId: "55EA00B6-DE5D-4DE4-85AC-38A1216B4923", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125108:*:*:*:*:*:*", matchCriteriaId: "BC4DF055-45CD-4B83-A7BA-59D6E46BD4D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125119:*:*:*:*:*:*", matchCriteriaId: "F9B51EF5-800F-446B-9F2D-47D45445E73E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125120:*:*:*:*:*:*", matchCriteriaId: "C4C2087D-1B7B-4DA4-8288-D5366BC9735F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125125:*:*:*:*:*:*", matchCriteriaId: "B8FE0307-3CA7-445E-BA42-27D65C298E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125129:*:*:*:*:*:*", matchCriteriaId: "F6F9CB58-3B55-4E6F-AE24-D16552EE3614", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125138:*:*:*:*:*:*", matchCriteriaId: "006DB16B-34C4-4359-96A1-381F7C66BF18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125149:*:*:*:*:*:*", matchCriteriaId: "7EFE37CC-58F5-4B08-95C2-D9DAFC8D9C31", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125162:*:*:*:*:*:*", matchCriteriaId: "4F102286-1D21-48AB-A1B4-ADB5A4D3EEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125180:*:*:*:*:*:*", matchCriteriaId: "7DDD3297-57ED-40D4-AC54-4484A3E9C633", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125194:*:*:*:*:*:*", matchCriteriaId: "8F467A89-13F7-47E9-8285-041DB3F33603", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125212:*:*:*:*:*:*", matchCriteriaId: "E8C93717-4E5A-4686-A83F-A7D4AC732144", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125213:*:*:*:*:*:*", matchCriteriaId: "5A15AF17-8500-4102-AF1C-897360BB985C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125233:*:*:*:*:*:*", matchCriteriaId: "D9B364E3-45C1-4C71-BB6D-9D831449CF4F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125329:*:*:*:*:*:*", matchCriteriaId: "4CCB49B2-4AA1-4223-98F0-1E0872566BC7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125357:*:*:*:*:*:*", matchCriteriaId: "5D0A19E8-F0B3-446D-B991-C63657BC2A61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125362:*:*:*:*:*:*", matchCriteriaId: "1C7CD9C4-861D-42C0-9209-0843613F94B4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125363:*:*:*:*:*:*", matchCriteriaId: "AD44F42F-709B-4FBE-B9C7-9944A874D489", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125381:*:*:*:*:*:*", matchCriteriaId: "23C53DA5-F50F-4FA5-AF8B-4EA174BB4E57", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125395:*:*:*:*:*:*", matchCriteriaId: "199EE3C2-2D58-4777-8592-D000D135E2A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125399:*:*:*:*:*:*", matchCriteriaId: "0CE514D6-6C6A-4DAD-8DB2-FA1F12FFAFBB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125412:*:*:*:*:*:*", matchCriteriaId: "461FD5FC-2D14-44FC-88F0-783EDDD63483", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125429:*:*:*:*:*:*", matchCriteriaId: "65FD6158-1B99-4C17-A167-41D6B1CD62F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125449:*:*:*:*:*:*", matchCriteriaId: "188123C8-7E72-4690-A322-888BED90FB7A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125450:*:*:*:*:*:*", matchCriteriaId: "2BF85206-863D-493C-88F4-15B0BA5276A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125451:*:*:*:*:*:*", matchCriteriaId: "3C9DE996-1DEC-4AF0-89FD-1E3DA3967BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125452:*:*:*:*:*:*", matchCriteriaId: "75FF4D85-97C8-4DF4-ADE6-EDE8EC2DD5BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125453:*:*:*:*:*:*", matchCriteriaId: "9CAC6467-19F7-4CB2-A5FC-B57A14F4636C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125455:*:*:*:*:*:*", matchCriteriaId: "60EB56E2-7367-4488-A00D-41464E86B06D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125456:*:*:*:*:*:*", matchCriteriaId: "3E315636-0897-4421-882D-E8196F7ACAD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125459:*:*:*:*:*:*", matchCriteriaId: "EE609902-17AF-491B-8749-C8AF4E0A8241", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125467:*:*:*:*:*:*", matchCriteriaId: "6EFF6295-3F73-448D-8109-453E0DFD2002", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125471:*:*:*:*:*:*", matchCriteriaId: "35A535BC-644B-4B10-8F66-779FAF503683", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125475:*:*:*:*:*:*", matchCriteriaId: "DDD4AA74-4B07-44A1-A32F-88B0B1E90ACA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125483:*:*:*:*:*:*", matchCriteriaId: "52203983-0CC9-49DB-B100-49CD9F5CE688", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125485:*:*:*:*:*:*", matchCriteriaId: "095362BF-69CD-458F-8A44-E3D6AFC8C41F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125490:*:*:*:*:*:*", matchCriteriaId: "65F6F508-F0BF-4821-8B50-24A9B652522E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125564:*:*:*:*:*:*", matchCriteriaId: "4044EE7F-268B-4CC7-9982-80766BE5790E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125568:*:*:*:*:*:*", matchCriteriaId: "6F87A77C-E40F-4DDE-9260-FCF12B237FA8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125581:*:*:*:*:*:*", matchCriteriaId: "51CF193E-D5A6-423A-A5E2-B0ACF4B002E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125596:*:*:*:*:*:*", matchCriteriaId: "7C10F5A0-6FFE-4907-8A61-61CF11FC7A69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125606:*:*:*:*:*:*", matchCriteriaId: "6B3F637D-3724-4314-BCC7-A6A06040DF00", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125617:*:*:*:*:*:*", matchCriteriaId: "18598449-D0EE-445F-BA6A-2CD658DAF4D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125657:*:*:*:*:*:*", matchCriteriaId: "6DC52F3E-EC5F-404B-ABD7-615B8AB522A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125664:*:*:*:*:*:*", matchCriteriaId: "E3552F71-C708-41A4-9168-5673C086F507", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1DA3A9-36FB-4BCA-AEEC-231A2C3127D0", versionEndExcluding: "12.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127101:*:*:*:*:*:*", matchCriteriaId: "0BA30C26-D3D8-447C-BD7A-9BC166C8BF3E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127117:*:*:*:*:*:*", matchCriteriaId: "162E0203-17E1-427E-A351-33F75E8FE5A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127134:*:*:*:*:*:*", matchCriteriaId: "61FB54BF-7A8F-4EE5-AF42-15E2B69E9DE9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127241:*:*:*:*:*:*", matchCriteriaId: "764139C9-FF6A-4BE0-BAF3-52F403C41393", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127242:*:*:*:*:*:*", matchCriteriaId: "3D9805F6-1A56-4FBF-8F47-DAA80E4DE9FC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "E9FF3515-61C7-4A7A-9781-6D4A0340B2EC", versionEndExcluding: "12.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125000:*:*:*:*:*:*", matchCriteriaId: "77AA96FD-5AF0-4F80-8402-BAB460FF8B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125003:*:*:*:*:*:*", matchCriteriaId: "3095B4D1-170A-48B0-8C4A-7A7A54E42149", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125108:*:*:*:*:*:*", matchCriteriaId: "8CE4267C-DAAE-4CEC-A6E3-D2213AA5EE57", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125109:*:*:*:*:*:*", matchCriteriaId: "92EB7DC6-F227-40B3-A093-4D9495BBE272", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125115:*:*:*:*:*:*", matchCriteriaId: "40C478D3-7C1C-4FCE-99FA-976EE2754680", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125120:*:*:*:*:*:*", matchCriteriaId: "DE6C88E4-D382-4729-AF5D-5697DCE26A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125122:*:*:*:*:*:*", matchCriteriaId: "6447F4D8-0943-4C8C-BBA7-42BECC181D80", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125125:*:*:*:*:*:*", matchCriteriaId: "422B8CB6-3A14-4452-9192-F4CD5BF5D030", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125141:*:*:*:*:*:*", matchCriteriaId: "41AB6C1A-CBEC-4DC1-94A4-9D14E82BA542", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125142:*:*:*:*:*:*", matchCriteriaId: "6A2C060F-770B-4245-8490-5D2EB970FCA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125149:*:*:*:*:*:*", matchCriteriaId: "16E635CC-1591-4535-89EA-B8470BD885F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125150:*:*:*:*:*:*", matchCriteriaId: "D5F9E623-A42D-446D-ADDD-5F3C8F7BD9B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125160:*:*:*:*:*:*", matchCriteriaId: "1E235AF0-4453-4439-A25D-FF78A89BB117", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125179:*:*:*:*:*:*", matchCriteriaId: "620E40E9-9D83-4E14-8898-10C0718B1A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125180:*:*:*:*:*:*", matchCriteriaId: "1D72F651-BD8C-4564-AC1A-84A91F21EADA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125194:*:*:*:*:*:*", matchCriteriaId: "19DD9FF2-583B-4079-9375-E1643FF9A54B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125200:*:*:*:*:*:*", matchCriteriaId: "69EDC39C-68EE-488D-B740-9E45229BDF2E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125212:*:*:*:*:*:*", matchCriteriaId: "EC374820-208A-40EF-965C-50C19467BD82", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125213:*:*:*:*:*:*", matchCriteriaId: "397B1FAC-EB6E-4F17-B5D7-CBD47D581DF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125217:*:*:*:*:*:*", matchCriteriaId: "E771BCA5-9E65-4C8B-BF36-E90F641D2015", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125221:*:*:*:*:*:*", matchCriteriaId: "A658460A-FAE0-4487-8CD6-FB3384664F9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125232:*:*:*:*:*:*", matchCriteriaId: "6F104D17-7D08-42A5-BAF3-DEA475308FC6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125323:*:*:*:*:*:*", matchCriteriaId: "9F875BFA-18C2-42BF-8BC4-D02E15B395E6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125329:*:*:*:*:*:*", matchCriteriaId: "3BBD9D22-7E92-4648-972E-E17D9472E08D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125357:*:*:*:*:*:*", matchCriteriaId: "7219F9A0-CD1D-4BB4-A5E1-FA0495B49114", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125361:*:*:*:*:*:*", matchCriteriaId: "0CBB0F67-9C81-44BC-9836-DE5FE40DDBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125362:*:*:*:*:*:*", matchCriteriaId: "6D7C0250-52DA-423D-B061-0CDF39D15068", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125376:*:*:*:*:*:*", matchCriteriaId: "6FC34D3F-FED3-4266-AB29-98FFC2002507", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125381:*:*:*:*:*:*", matchCriteriaId: "DD1460AC-A719-4B75-B28B-748B6C262A87", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125399:*:*:*:*:*:*", matchCriteriaId: "B9024FE1-536C-4180-8115-6D97E7C324D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125410:*:*:*:*:*:*", matchCriteriaId: "8CD6EB21-3DC6-47A7-939A-AA3C8EFE278F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125429:*:*:*:*:*:*", matchCriteriaId: "3A5911F7-7A45-499D-B345-D9C082932BBA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125447:*:*:*:*:*:*", matchCriteriaId: "CBBD7A90-4F97-4DFD-B8E6-F24A9B72A1C0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125459:*:*:*:*:*:*", matchCriteriaId: "87C6DCE0-5F40-4F50-8538-29CFF2DCC9EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125464:*:*:*:*:*:*", matchCriteriaId: "BECA9FA7-887B-4ECC-AA23-F75F96E42CB3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125467:*:*:*:*:*:*", matchCriteriaId: "CFD6D448-337E-4A63-8BE2-4DFC50AE7413", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125475:*:*:*:*:*:*", matchCriteriaId: "33F2625D-0750-4ED1-8BA7-8141D8B7FB01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125482:*:*:*:*:*:*", matchCriteriaId: "A7D6DD58-62F3-4727-9AC1-E6B5EA71BB89", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125483:*:*:*:*:*:*", matchCriteriaId: "33991587-174F-48D9-821D-BF44CF24924D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125484:*:*:*:*:*:*", matchCriteriaId: "18B8D15F-0286-4D64-96F8-D213E241813E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125485:*:*:*:*:*:*", matchCriteriaId: "EB8483C1-6586-4936-8BF8-ECE3F0F4D5F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125488:*:*:*:*:*:*", matchCriteriaId: "A9318551-C41F-46E9-A196-5C01EAE276F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125490:*:*:*:*:*:*", matchCriteriaId: "5030E129-0401-457B-B4FB-974AD5A0A948", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125557:*:*:*:*:*:*", matchCriteriaId: "74DAFF5A-7090-427F-A69E-2E90456485C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125568:*:*:*:*:*:*", matchCriteriaId: "8EB26A23-108E-4F39-84E3-2F1C197C8CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125582:*:*:*:*:*:*", matchCriteriaId: "DF57D557-B1B9-4B2E-81A5-B23C1A8521E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125605:*:*:*:*:*:*", matchCriteriaId: "E37E20B2-B678-45C1-9EF9-7D65172B485F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125606:*:*:*:*:*:*", matchCriteriaId: "722042FB-CFE5-4DE8-A196-65D2E035378F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125615:*:*:*:*:*:*", matchCriteriaId: "17CC4F0C-E69E-4FA5-8119-D71AD9C13E63", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125621:*:*:*:*:*:*", matchCriteriaId: "B8DA03F6-8EF8-48E1-B4CF-A2B0CB6F1DEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "50FB7952-0CED-4A64-A435-D588CA661630", versionEndExcluding: "12.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127000:*:*:*:*:*:*", matchCriteriaId: "8343B084-2009-44F2-B36C-C66719BBB1FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127101:*:*:*:*:*:*", matchCriteriaId: "2574DD71-36A4-47AE-ABC3-D05D36FF8F02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127130:*:*:*:*:*:*", matchCriteriaId: "B9D787C9-F37B-4193-A34F-080F7410BFA7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127131:*:*:*:*:*:*", matchCriteriaId: "55FB4705-D709-42F0-A562-6C5A05E00EAE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127187:*:*:*:*:*:*", matchCriteriaId: "4503E624-DC7F-4C5E-B715-0EC4676CA1ED", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "340D8561-6110-49D8-BCDC-78A762FCD3E6", versionEndExcluding: "12.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125000:*:*:*:*:*:*", matchCriteriaId: "C61E9B3D-A39D-428E-A82F-5C4C225906C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125108:*:*:*:*:*:*", matchCriteriaId: "423D3372-F910-4006-9FE8-49A6B730AEBE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125109:*:*:*:*:*:*", matchCriteriaId: "02B0ED3C-4729-4C70-8F06-6B507ED75BEC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125115:*:*:*:*:*:*", matchCriteriaId: "3CE0B4B2-CC4C-4F0F-B97E-A90C84377989", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125120:*:*:*:*:*:*", matchCriteriaId: "DC2E4C62-9867-4D14-85B3-95F359BD0551", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125122:*:*:*:*:*:*", matchCriteriaId: "5042AD90-4DF1-4A5A-9317-017102515284", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125125:*:*:*:*:*:*", matchCriteriaId: "356A4F91-FA5B-4A09-841E-A380F580BA88", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125129:*:*:*:*:*:*", matchCriteriaId: "CBBDC611-498B-4175-9A88-5914ED6D3A9E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125141:*:*:*:*:*:*", matchCriteriaId: "10F3C9AD-9C1B-4FBD-8325-B56FCF96FFE8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125149:*:*:*:*:*:*", matchCriteriaId: "F4EE5C24-C4AE-4F9D-B808-8930102A1389", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125160:*:*:*:*:*:*", matchCriteriaId: "E0F45A48-5006-4748-B683-6C7CB469286A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125179:*:*:*:*:*:*", matchCriteriaId: "9796C62A-8FCA-4E1E-855E-7D67F77C9AD7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125180:*:*:*:*:*:*", matchCriteriaId: "1A1AC2FD-91BA-4B78-BB14-B9F2CEB09071", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125200:*:*:*:*:*:*", matchCriteriaId: "A4B99FDC-EC68-4006-B359-E845AEF72FA1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125212:*:*:*:*:*:*", matchCriteriaId: "240A8575-F963-4DB4-B9C6-BE584A2F8271", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125213:*:*:*:*:*:*", matchCriteriaId: "B97F1BEE-F3C0-4DDD-B767-23C4BE9054AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125217:*:*:*:*:*:*", matchCriteriaId: "3B3482FA-9483-4EC7-9B09-E1BB63F02790", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125232:*:*:*:*:*:*", matchCriteriaId: "2600FBC5-8358-4126-88F2-00F3BEE9B537", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125323:*:*:*:*:*:*", matchCriteriaId: "FDD47CB0-3680-4ED9-821C-B673EACB953D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125329:*:*:*:*:*:*", matchCriteriaId: "D27B76C3-B8C8-48A6-AEF3-E9145B57EDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125357:*:*:*:*:*:*", matchCriteriaId: "6D77C576-035E-403B-A2B3-992496FAD202", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125362:*:*:*:*:*:*", matchCriteriaId: "70608921-F02A-4121-BE90-919DD68DD0D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125376:*:*:*:*:*:*", matchCriteriaId: "93C50660-6ECF-4353-A15A-4F7B0F06D33A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125381:*:*:*:*:*:*", matchCriteriaId: "06D8864A-E6CC-4742-A2CF-B060E8DFA740", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125393:*:*:*:*:*:*", matchCriteriaId: "D2572B3B-3BC4-4A83-92D5-8D7579821F4B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125399:*:*:*:*:*:*", matchCriteriaId: "0DD78F90-5231-4848-8971-9AB5ABBD2C33", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125412:*:*:*:*:*:*", matchCriteriaId: "7C94C142-168F-421C-B00B-3F42AA1CC9D3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125429:*:*:*:*:*:*", matchCriteriaId: "77CE4835-6540-4CF6-A31C-255DA52BB073", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125447:*:*:*:*:*:*", matchCriteriaId: "E0544AE8-92B3-43A7-8F42-299AED1A40CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125450:*:*:*:*:*:*", matchCriteriaId: "BEC805D2-CFDC-40DE-AA70-42A91461BEE6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125451:*:*:*:*:*:*", matchCriteriaId: "4767BF5A-B867-44BB-B152-E2AFA63B06D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125452:*:*:*:*:*:*", matchCriteriaId: "5855C471-07AB-4A96-9631-26C6C8B01F67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125453:*:*:*:*:*:*", matchCriteriaId: "5075910F-3676-439A-879A-5CBE2C734347", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125455:*:*:*:*:*:*", matchCriteriaId: "20808F91-7F08-4BA9-9075-C54337EC68E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125456:*:*:*:*:*:*", matchCriteriaId: "C700CE3B-31B5-4B4D-A378-70EC26D6F88B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125459:*:*:*:*:*:*", matchCriteriaId: "A05AFF4D-4EF9-4939-81CC-0AB55DA596F1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125464:*:*:*:*:*:*", matchCriteriaId: "86C3E31F-87E2-459F-8D1B-C6D1A237960D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125467:*:*:*:*:*:*", matchCriteriaId: "A3E7FC26-0000-4D4B-B489-DF0E2CD2B13C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125469:*:*:*:*:*:*", matchCriteriaId: "13E6E0F9-9D03-4665-9C89-6BE62ADCB39C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125471:*:*:*:*:*:*", matchCriteriaId: "0DE52003-E959-420F-89A1-C86D8FB12DBF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125476:*:*:*:*:*:*", matchCriteriaId: "6E9C9051-7FDE-4DEE-85DC-0798524DC17A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125482:*:*:*:*:*:*", matchCriteriaId: "5BE3598F-CEB4-4553-BB50-AA778BBF8BDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125483:*:*:*:*:*:*", matchCriteriaId: "4C71852D-D529-469A-9111-6D4DB8381BD9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125484:*:*:*:*:*:*", matchCriteriaId: "EC3F7DA9-3FBF-4D67-8BA5-2643E706F64F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125485:*:*:*:*:*:*", matchCriteriaId: "53E2DF01-9A39-4E50-BEDE-D49988CE5CBD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125488:*:*:*:*:*:*", matchCriteriaId: "0015664D-11BC-4DEE-BC5B-DB3D1FE8DF82", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125490:*:*:*:*:*:*", matchCriteriaId: "8B49F887-4574-4B3C-A8A7-57F75B27447F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125557:*:*:*:*:*:*", matchCriteriaId: "C1E93E4D-0E54-41DF-843A-E8AE94EAD0BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125566:*:*:*:*:*:*", matchCriteriaId: "1617ADAD-2E13-4910-B600-3EC7E59B087C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125568:*:*:*:*:*:*", matchCriteriaId: "4E7B4955-F688-47DE-B1FF-D417EBDFF9C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125582:*:*:*:*:*:*", matchCriteriaId: "5F982932-5513-411A-9CBF-3082C7ECEF0A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125584:*:*:*:*:*:*", matchCriteriaId: "0B5378E9-D011-4B12-8DEE-442F22789C08", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125585:*:*:*:*:*:*", matchCriteriaId: "8232CBA1-55DA-4F3C-A9E5-A204A25231C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125606:*:*:*:*:*:*", matchCriteriaId: "253569A5-4A2E-4163-88DC-C0FE6B79E06E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125615:*:*:*:*:*:*", matchCriteriaId: "A30281F3-4DE2-4ED3-91A7-AE7A091C31E1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "9222E54C-0A7C-4828-9917-7CFD7EE8BC59", versionEndExcluding: "12.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127000:*:*:*:*:*:*", matchCriteriaId: "85778DB3-87D9-4C6A-9149-C58C45913268", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127003:*:*:*:*:*:*", matchCriteriaId: "3973EC75-A70A-475A-82BB-409992F09392", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127101:*:*:*:*:*:*", matchCriteriaId: "14537D55-3ABE-423C-B320-6811292620AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127130:*:*:*:*:*:*", matchCriteriaId: "FCB0BDE0-5BD3-4315-A74B-D7065ABC91BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127131:*:*:*:*:*:*", matchCriteriaId: "3E850CF4-9078-4E43-A87C-8323536E8CD6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127187:*:*:*:*:*:*", matchCriteriaId: "EC407852-45B1-47F4-A886-AF8B473A86D5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DCB0C7A9-5511-4AC9-B5E4-74AAE6973E34", versionEndExcluding: "12.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125000:*:*:*:*:*:*", matchCriteriaId: "BDA5DDA4-A67C-4370-B41D-02755FCF1F6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125108:*:*:*:*:*:*", matchCriteriaId: "3D99CD97-1D6B-4C67-A909-E1CE28A78E10", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125112:*:*:*:*:*:*", matchCriteriaId: "70FEC14F-A53C-437C-981A-214B867142E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125115:*:*:*:*:*:*", matchCriteriaId: "895E57EA-A8F6-425B-9D08-654E03B92B30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125116:*:*:*:*:*:*", matchCriteriaId: "9EE0C771-B2F6-4766-82FD-203967CE37D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125120:*:*:*:*:*:*", matchCriteriaId: "0DCD6102-19F7-42D2-A81B-C85824CA351D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125121:*:*:*:*:*:*", matchCriteriaId: "3C2C0A08-66BF-4FDC-A209-769234438844", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125125:*:*:*:*:*:*", matchCriteriaId: "8DDC3649-12A9-41F3-A27D-646B5DF05E93", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125129:*:*:*:*:*:*", matchCriteriaId: "4F037A2A-4B9A-4EBC-94E2-87502960FF20", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125136:*:*:*:*:*:*", matchCriteriaId: "B15E99A3-989F-4EFD-BA26-DEC6992BD1CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125142:*:*:*:*:*:*", matchCriteriaId: "B85BF117-503B-435F-8667-481D9AC7A788", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125149:*:*:*:*:*:*", matchCriteriaId: "3AC2A038-F59B-4137-B02F-4C26E2EB9152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125180:*:*:*:*:*:*", matchCriteriaId: "F605C78F-8BE4-4E02-A7FB-CA9D24AFE7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125195:*:*:*:*:*:*", matchCriteriaId: "15557A07-E0E9-40DB-B013-0F4AD9556BD6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125199:*:*:*:*:*:*", matchCriteriaId: "79082C84-9F25-4A63-86AF-18CC4ADF71CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125212:*:*:*:*:*:*", matchCriteriaId: "A88678CE-DB64-4D66-8F2A-3C60058DC5CF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125213:*:*:*:*:*:*", matchCriteriaId: "88009BAC-1ECF-4BA3-855F-96C8789E476E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125216:*:*:*:*:*:*", matchCriteriaId: "E64F7B54-6B09-4B7E-B2AB-5EA73FD8E0AF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125228:*:*:*:*:*:*", matchCriteriaId: "2B94DFD2-374C-47A9-9D54-3FDB63197FFA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125232:*:*:*:*:*:*", matchCriteriaId: "9B0330D9-1276-4228-BA7E-B9E3B828E5AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125233:*:*:*:*:*:*", matchCriteriaId: "89736956-D05D-437B-BC7A-850AA459C123", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125234:*:*:*:*:*:*", matchCriteriaId: "63B26424-7292-4F37-B86F-2A4E0AD32B85", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125323:*:*:*:*:*:*", matchCriteriaId: "2D2629FB-0A83-43CC-8C83-444036D05F7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125325:*:*:*:*:*:*", matchCriteriaId: "4CFD99D1-CB43-437B-8E7D-6712DA5C9835", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125327:*:*:*:*:*:*", matchCriteriaId: "6FEBA58F-E5B4-4B91-B78F-620C6EB9D3BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125329:*:*:*:*:*:*", matchCriteriaId: "F9F9D406-FE99-45C0-B1C0-4DEB5E843FE5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125343:*:*:*:*:*:*", matchCriteriaId: "F4B86974-C598-4E1A-9FF0-5AF9638C1AD0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125345:*:*:*:*:*:*", matchCriteriaId: "C2838623-6F3F-417A-A644-FA226CCD8BB5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125358:*:*:*:*:*:*", matchCriteriaId: "454EDD2A-E79A-4D46-B841-BE5EC12C63D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125362:*:*:*:*:*:*", matchCriteriaId: "1557A740-D19D-4220-9B3E-395EFCB86F9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125363:*:*:*:*:*:*", matchCriteriaId: "9C7DB404-A5C7-4EDB-BCB2-079A41E31428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125378:*:*:*:*:*:*", matchCriteriaId: "B738952C-DE7B-4C3D-85B9-ADBEDF007AFD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125392:*:*:*:*:*:*", matchCriteriaId: "897D140C-20FF-454D-8928-B11FFC84C016", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125399:*:*:*:*:*:*", matchCriteriaId: "18F93D7C-E8FC-4D4C-AEA0-C1187FB6D9D3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125417:*:*:*:*:*:*", matchCriteriaId: "2E799367-7DC7-478D-948A-17D717507DC0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125445:*:*:*:*:*:*", matchCriteriaId: "74A5591E-75A4-4ACA-9C34-4907D645AA88", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125459:*:*:*:*:*:*", matchCriteriaId: "0C67D5FC-5965-4AC1-80A5-931BE60B5E86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125465:*:*:*:*:*:*", matchCriteriaId: "139E25D9-A4C8-4041-ADF7-4618DFEEE8C7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125469:*:*:*:*:*:*", matchCriteriaId: "6A65F3F7-45D3-49EB-9784-1F13FA2CBB0C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125471:*:*:*:*:*:*", matchCriteriaId: "3795D2DE-622F-4C82-B133-0993A01AC1FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125475:*:*:*:*:*:*", matchCriteriaId: "C0DB9896-BC25-46E3-AA6F-496A442BE525", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125482:*:*:*:*:*:*", matchCriteriaId: "CE56A949-74AC-4138-8AD3-31F5763860EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125483:*:*:*:*:*:*", matchCriteriaId: "4A3DB867-FD46-46EB-AEF0-2B6E79371AF6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125485:*:*:*:*:*:*", matchCriteriaId: "7881FBB4-AC09-4EB9-B02F-3EA19237E095", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125488:*:*:*:*:*:*", matchCriteriaId: "F391E432-98B8-4D97-8AD4-FB1A84FAF774", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125490:*:*:*:*:*:*", matchCriteriaId: "61D908B2-446E-48EC-9F6B-91E8BF0F6A38", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125565:*:*:*:*:*:*", matchCriteriaId: "FD5F28B0-580E-4CD4-917A-496D35AD271A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125568:*:*:*:*:*:*", matchCriteriaId: "F0FC96AA-F2F4-4C35-8BF7-6318A2F624A0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125583:*:*:*:*:*:*", matchCriteriaId: "6EA008F1-4E47-4753-8506-769B29AB5BA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125584:*:*:*:*:*:*", matchCriteriaId: "7ED68CDE-1096-4490-8E6B-78F4AC2BB729", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125598:*:*:*:*:*:*", matchCriteriaId: "34F8D9B7-3BD7-44C0-A292-162928729F36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125606:*:*:*:*:*:*", matchCriteriaId: "ADFB3155-72F3-4DFA-BAE1-5725A40E6C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125612:*:*:*:*:*:*", matchCriteriaId: "7446678C-E2DB-4EA2-BC9B-430C8EC7804B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125615:*:*:*:*:*:*", matchCriteriaId: "33C57314-5503-48BD-9ED2-D76517C9C0F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125617:*:*:*:*:*:*", matchCriteriaId: "AC201C68-2C1D-4E75-9443-C5F853A37AB0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D6628EB7-96F6-48E3-8018-8F569972B811", versionEndExcluding: "12.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127000:*:*:*:*:*:*", matchCriteriaId: "B64ADEEB-502D-4588-BD80-156124437AEB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127102:*:*:*:*:*:*", matchCriteriaId: "2306C5F3-5413-4240-BAB6-E55849063A72", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127105:*:*:*:*:*:*", matchCriteriaId: "87F97A9E-2AB3-4121-B5A7-0AA25780D336", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127132:*:*:*:*:*:*", matchCriteriaId: "AD049643-9546-4D39-BD26-79661205C110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "B8AEEB49-1C45-4B88-81C1-A1425B7E99A2", versionEndExcluding: "14.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*", matchCriteriaId: "E73FEA45-5AA3-4C49-91D3-E07A53E34515", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*", matchCriteriaId: "8CA65161-0C0B-45E7-BBEA-FA214DBF964B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*", matchCriteriaId: "9097C0CA-001B-4604-BCDB-ED28AB292CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14303:*:*:*:*:*:*", matchCriteriaId: "C7F15A64-F15C-43E4-890A-7FEB0614C6DF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", matchCriteriaId: "378A2C19-6176-4E95-AB9C-B60A1F1A1E87", versionEndExcluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*", matchCriteriaId: "1E01D48C-A95F-421E-A6FA-D299D6BE02B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*", matchCriteriaId: "727BD3A4-F0E1-4656-A640-B32406324707", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7002:*:*:*:*:*:*", matchCriteriaId: "AC812003-B383-4E52-B9D3-90F4B0633C90", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7003:*:*:*:*:*:*", matchCriteriaId: "E6BE678E-EC68-478F-A4E0-73E032C88167", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7004:*:*:*:*:*:*", matchCriteriaId: "A5E373E7-9BB3-480F-A685-BAA7A9CD1BC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "CE99DDEC-EA8D-4E15-A227-30B242611078", versionEndExcluding: "14.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*", matchCriteriaId: "52843587-34AD-4992-8E68-25CD02E247A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14301:*:*:*:*:*:*", matchCriteriaId: "BC2FC98F-84FF-4C90-BD7C-20A4910BED44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14302:*:*:*:*:*:*", matchCriteriaId: "9794CB33-4932-4AA6-AC8C-B9FB6AE233FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14303:*:*:*:*:*:*", matchCriteriaId: "3CC0A1C9-2F24-422A-8478-95BDCE1EBE77", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14304:*:*:*:*:*:*", matchCriteriaId: "4E541BD1-3BB8-4807-BDF8-45B0916416D4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDF15FF-2561-4139-AC5E-4812584B1B03", versionEndExcluding: "4.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*", matchCriteriaId: "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*", matchCriteriaId: "52DDE5D9-28DE-446F-A402-7BE3C33A4B35", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*", matchCriteriaId: "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*", matchCriteriaId: "59675CC4-8A5C-4668-908C-0886B4B310DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*", matchCriteriaId: "45084336-F1DC-4E5B-A45E-506A779985D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*", matchCriteriaId: "1B2CC071-5BB3-4A25-88F2-DBC56B94D895", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*", matchCriteriaId: "E6FDF373-4711-4B72-A14E-CEB19301C40F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*", matchCriteriaId: "0E0F346C-0445-4D38-8583-3379962B540F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4308:*:*:*:*:*:*", matchCriteriaId: "18B78BDC-0EAA-4781-8D62-01E47AA3BF40", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4309:*:*:*:*:*:*", matchCriteriaId: "A9EE7E99-B428-41EF-A693-7A316F695160", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "4707D700-23C4-4BBD-9683-4E6D59989127", versionEndExcluding: "14.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*", matchCriteriaId: "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14301:*:*:*:*:*:*", matchCriteriaId: "13A9F940-083E-451E-A330-877D67F617BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14302:*:*:*:*:*:*", matchCriteriaId: "9FE925DF-55E6-4E7F-B5CD-F5ED097BBBC0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14303:*:*:*:*:*:*", matchCriteriaId: "0031CF5C-78FE-4CB0-97CE-087C10A77EB0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*", matchCriteriaId: "1478BFC3-A0B2-415B-BA1C-AA09D9451C93", versionEndExcluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*", matchCriteriaId: "41B34AA8-294A-48A9-8579-44EB7EE192F3", versionEndExcluding: "12.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.", }, { lang: "es", value: "Existe una vulnerabilidad de divulgación de información en varios productos ManageEngine que puede provocar la exposición de claves de cifrado. Un usuario de sistema operativo con pocos privilegios y acceso al host donde está instalado un producto ManageEngine afectado puede ver y utilizar la clave expuesta para descifrar las contraseñas de la base de datos del producto. Esto permite al usuario acceder a la base de datos del producto ManageEngine.", }, ], id: "CVE-2023-6105", lastModified: "2025-02-13T18:16:03.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "vulnreport@tenable.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-15T21:15:08.490", references: [ { source: "vulnreport@tenable.com", url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html", }, { source: "vulnreport@tenable.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2023-35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2023-35", }, ], sourceIdentifier: "vulnreport@tenable.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "vulnreport@tenable.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-17 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/109298 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109298 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | 6.6.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_desktop_central | 10.0.380 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6.5:*:*:*:*:*:*:*", matchCriteriaId: "F04532BC-FBD0-4111-9213-3F044475CD0D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:*:*:*:*:*:*:*", matchCriteriaId: "147F5946-E435-4EDF-B839-E1853C2F9DCE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.380:*:*:*:*:*:*:*", matchCriteriaId: "643C7F9E-F838-421C-BB13-ECCFDF073C91", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.", }, { lang: "es", value: "Zoho ManageEngine ADManager Plus versión 6.6.5, ADSelfService Plus versión 5.7, y DesktopCentral versión 10.0.380 tiene permisos no seguros, lo que conlleva a una escalada de privilegios desde los privilegios de bajo nivel hasta el sistema.", }, ], id: "CVE-2019-12876", lastModified: "2024-11-21T04:23:45.473", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 8.5, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.3, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-17T20:15:11.273", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109298", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109298", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-03 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-52 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-52 | Exploit, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "4D9FC84E-958F-450A-8400-1C51E00231A4", versionEndIncluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", matchCriteriaId: "C13EF458-FE95-49E5-9A13-04C96C3F114A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", matchCriteriaId: "12919644-3D85-488C-89A3-58A1FB31279D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*", matchCriteriaId: "75206A94-9155-48D7-A378-5020877B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*", matchCriteriaId: "E50CF265-DE6F-4281-8300-06D54185AA43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*", matchCriteriaId: "EB577C00-1412-4F87-B91A-5E956EB2213F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "4C7681FA-FC15-49CE-9288-3C4E361F4D21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "80F12A94-93C5-4442-8FB3-4E02E4DECCEB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*", matchCriteriaId: "17270CDC-C800-4B5A-BEAA-83AF455BBBEA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*", matchCriteriaId: "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*", matchCriteriaId: "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*", matchCriteriaId: "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.", }, { lang: "es", value: "ManageEngine ADSelfService Plus versiones anteriores a la compilación 6116, almacena el archivo de política de contraseñas para cada dominio bajo la raíz html/ web con un nombre de archivo predecible basado en el nombre del dominio. Cuando ADSSP está configurado con múltiples dominios de Windows, un usuario de un dominio puede obtener la política de contraseñas de otro dominio al autenticarse en el servicio y enviando una petición especificando el archivo de política de contraseñas del otro dominio", }, ], id: "CVE-2021-20148", lastModified: "2024-11-21T05:46:00.877", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-03T22:15:08.560", references: [ { source: "vulnreport@tenable.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2021-52", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2021-52", }, ], sourceIdentifier: "vulnreport@tenable.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-552", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-03 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-52 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-52 | Exploit, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "4D9FC84E-958F-450A-8400-1C51E00231A4", versionEndIncluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*", matchCriteriaId: "B2320EEE-367C-4CE1-8AC4-048B97DE71F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "6FA21683-29F7-44EB-84C6-D29C6C64DE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*", matchCriteriaId: "7BE0B72F-2963-4666-9A82-7812BFB52DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*", matchCriteriaId: "85DD7E26-B9C5-4DCC-8F50-F5884AF61105", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*", matchCriteriaId: "AC37608E-E61B-4333-8358-50C8377A1ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*", matchCriteriaId: "C13EF458-FE95-49E5-9A13-04C96C3F114A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*", matchCriteriaId: "12919644-3D85-488C-89A3-58A1FB31279D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*", matchCriteriaId: "75206A94-9155-48D7-A378-5020877B8B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*", matchCriteriaId: "E50CF265-DE6F-4281-8300-06D54185AA43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*", matchCriteriaId: "EB577C00-1412-4F87-B91A-5E956EB2213F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "4C7681FA-FC15-49CE-9288-3C4E361F4D21", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "80F12A94-93C5-4442-8FB3-4E02E4DECCEB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*", matchCriteriaId: "17270CDC-C800-4B5A-BEAA-83AF455BBBEA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*", matchCriteriaId: "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*", matchCriteriaId: "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*", matchCriteriaId: "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.", }, { lang: "es", value: "ManageEngine ADSelfService Plus versiones anteriores a la compilación 6116, contiene una discrepancia de respuesta observable en la operación UMCP de la ChangePasswordAPI. Esto permite a un atacante remoto no autenticado determinar si se presenta un usuario de dominio de Windows", }, ], id: "CVE-2021-20147", lastModified: "2024-11-21T05:46:00.767", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-03T22:15:08.503", references: [ { source: "vulnreport@tenable.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2021-52", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2021-52", }, ], sourceIdentifier: "vulnreport@tenable.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-11 16:15
Modified
2024-11-21 04:58
Severity ?
Summary
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as a SYSTEM.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "EA200DAA-09C6-4165-86F3-53E0693DEFA4", versionEndIncluding: "5.8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*", matchCriteriaId: "86396EFE-E4E1-42DB-A206-9D44B977DB95", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*", matchCriteriaId: "1ECD4B6F-D157-4AA6-A288-AF85ECFE3D5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*", matchCriteriaId: "89042E18-91F4-4EB7-9276-251A94529D36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*", matchCriteriaId: "0215A848-4170-42E0-9711-E9922CE82CD1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \\windows\\system32, cmd.exe can be launched as a SYSTEM.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios en ManageEngine ADSelfService Plus antes del build 6003, porque no aplica apropiadamente los privilegios de usuario asociados con un cuadro de diálogo del Certificado. Esta vulnerabilidad podría permitir a un atacante no autenticado escalar privilegios sobre un host de Windows. Un atacante no requiere ningún privilegio en el sistema de destino para explotar esta vulnerabilidad. Una opción es la opción de autoservicio en la pantalla de inicio de sesión de Windows. Al seleccionar esta opción, se inicia el software thick-client, que se conecta a un servidor ADSelfService Plus remoto para facilitar las operaciones de autoservicio. Un atacante no autenticado que tenga acceso físico al host podría activar una alerta de seguridad al suministrar un certificado SSL autofirmado al cliente. La opción View Certificate de la alerta de seguridad permite a un atacante exportar un certificado desplegado hacia un archivo. Esto puede convertirse en cascada en un cuadro de diálogo que puede abrir Explorer como SYSTEM. Al navegar desde Explorer en \\windows\\ system32, el archivo cmd.exe puede ser iniciado como un SYSTEM", }, ], id: "CVE-2020-11552", lastModified: "2024-11-21T04:58:08.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-11T16:15:12.057", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Aug/4", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Aug/6", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/48739", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Aug/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Aug/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/48739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-04 20:15
Modified
2024-11-21 07:10
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7BC9667B-3ECE-4DF8-9C45-95E53736CD68", versionEndExcluding: "6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*", matchCriteriaId: "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*", matchCriteriaId: "B1E4E7ED-317B-471D-B387-24BFE504FD48", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*", matchCriteriaId: "1518C214-71A7-4C97-BA40-95D98E0C78BB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.", }, { lang: "es", value: "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6203, permite una denegación de servicio (reinicio de la aplicación) por medio de una carga útil diseñada para la API de despliegue de aplicaciones móviles", }, ], id: "CVE-2022-34829", lastModified: "2024-11-21T07:10:16.157", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-04T20:15:07.970", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }