Vulnerabilites related to zohocorp - manageengine_adselfservice_plus
CVE-2021-27956 (GCVE-0-2021-27956)
Vulnerability from cvelistv5
Published
2021-05-20 17:55
Modified
2024-08-03 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raxis.com/blog/cve-2021-27956-manage-engine-xss"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T17:55:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raxis.com/blog/cve-2021-27956-manage-engine-xss"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://raxis.com/blog/cve-2021-27956-manage-engine-xss",
"refsource": "MISC",
"url": "https://raxis.com/blog/cve-2021-27956-manage-engine-xss"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes",
"refsource": "CONFIRM",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27956",
"datePublished": "2021-05-20T17:55:22",
"dateReserved": "2021-03-04T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28958 (GCVE-0-2021-28958)
Vulnerability from cvelistv5
Published
2021-06-25 11:54
Modified
2024-08-03 21:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#6102"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-28958/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T18:43:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#6102"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-28958/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html#6102",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#6102"
},
{
"name": "https://blog.stmcyber.com/vulns/cve-2021-28958/",
"refsource": "MISC",
"url": "https://blog.stmcyber.com/vulns/cve-2021-28958/"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021",
"refsource": "CONFIRM",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28958",
"datePublished": "2021-06-25T11:54:17",
"dateReserved": "2021-03-21T00:00:00",
"dateUpdated": "2024-08-03T21:55:12.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35854 (GCVE-0-2023-35854)
Vulnerability from cvelistv5
Published
2023-06-20 00:00
Modified
2024-08-02 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T15:00:20.719051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T15:00:38.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/970198175/Simply-use"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor\u0027s perspective is that they have \"found no evidence or detail of a security vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com"
},
{
"url": "https://github.com/970198175/Simply-use"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35854",
"datePublished": "2023-06-20T00:00:00",
"dateReserved": "2023-06-19T00:00:00",
"dateUpdated": "2024-08-02T16:30:45.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28342 (GCVE-0-2023-28342)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-13 16:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T15:41:59.324267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T16:00:12.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-05T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28342",
"datePublished": "2023-04-05T00:00:00.000Z",
"dateReserved": "2023-03-14T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:00:12.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20147 (GCVE-0-2021-20147)
Vulnerability from cvelistv5
Published
2022-01-03 21:07
Modified
2024-08-03 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Observable Response Discrepancy
Summary
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageEngine ADSelfService Plus |
Version: < 6116 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageEngine ADSelfService Plus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003c 6116"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Observable Response Discrepancy",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T21:07:10",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageEngine ADSelfService Plus",
"version": {
"version_data": [
{
"version_value": "\u003c 6116"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Observable Response Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-52",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20147",
"datePublished": "2022-01-03T21:07:10",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37421 (GCVE-0-2021-37421)
Vulnerability from cvelistv5
Published
2021-08-30 18:30
Modified
2024-08-04 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37421/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T14:50:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37421/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
},
{
"name": "https://blog.stmcyber.com/vulns/cve-2021-37421/",
"refsource": "MISC",
"url": "https://blog.stmcyber.com/vulns/cve-2021-37421/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37421",
"datePublished": "2021-08-30T18:30:22",
"dateReserved": "2021-07-23T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20148 (GCVE-0-2021-20148)
Vulnerability from cvelistv5
Published
2022-01-03 21:07
Modified
2024-08-03 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Storage of File with Sensitive Data Under Web Root
Summary
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageEngine ADSelfService Plus |
Version: < 6116 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageEngine ADSelfService Plus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003c 6116"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Storage of File with Sensitive Data Under Web Root",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T21:07:11",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageEngine ADSelfService Plus",
"version": {
"version_data": [
{
"version_value": "\u003c 6116"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Storage of File with Sensitive Data Under Web Root"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-52",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20148",
"datePublished": "2022-01-03T21:07:11",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8346 (GCVE-0-2019-8346)
Vulnerability from cvelistv5
Published
2019-05-24 16:48
Modified
2024-08-04 21:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user\u0027s AD self-service password reset and MFA token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-24T16:48:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user\u0027s AD self-service password reset and MFA token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8346",
"datePublished": "2019-05-24T16:48:36",
"dateReserved": "2019-02-15T00:00:00",
"dateUpdated": "2024-08-04T21:17:30.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3273 (GCVE-0-2010-3273)
Vulnerability from cvelistv5
Published
2011-02-17 17:00
Modified
2024-08-07 03:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "adselfservice-resetresult-security-bypass(65348)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348"
},
{
"name": "43241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43241"
},
{
"name": "ADV-2011-0392",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "70869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "adselfservice-resetresult-security-bypass(65348)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348"
},
{
"name": "43241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43241"
},
{
"name": "ADV-2011-0392",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "70869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "adselfservice-resetresult-security-bypass(65348)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348"
},
{
"name": "43241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43241"
},
{
"name": "ADV-2011-0392",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "70869",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70869"
},
{
"name": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3273",
"datePublished": "2011-02-17T17:00:00",
"dateReserved": "2010-09-09T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27214 (GCVE-0-2021-27214)
Vulnerability from cvelistv5
Published
2021-02-19 18:39
Modified
2024-08-03 20:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.horizonsecurity.it/lang_EN/advisories/?a=20\u0026title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T18:39:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.horizonsecurity.it/lang_EN/advisories/?a=20\u0026title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"name": "https://www.horizonsecurity.it/lang_EN/advisories/?a=20\u0026title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214",
"refsource": "MISC",
"url": "https://www.horizonsecurity.it/lang_EN/advisories/?a=20\u0026title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27214",
"datePublished": "2021-02-19T18:39:28",
"dateReserved": "2021-02-14T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20484 (GCVE-0-2018-20484)
Vulnerability from cvelistv5
Published
2018-12-26 18:00
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:16.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-10T17:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"name": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20484",
"datePublished": "2018-12-26T18:00:00",
"dateReserved": "2018-12-26T00:00:00",
"dateUpdated": "2024-08-05T12:05:16.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12476 (GCVE-0-2019-12476)
Vulnerability from cvelistv5
Published
2019-06-17 17:02
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/0katz/CVE-2019-12476"
},
{
"name": "108813",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108813"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T07:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/0katz/CVE-2019-12476"
},
{
"name": "108813",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108813"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3",
"refsource": "MISC",
"url": "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3"
},
{
"name": "https://github.com/0katz/CVE-2019-12476",
"refsource": "MISC",
"url": "https://github.com/0katz/CVE-2019-12476"
},
{
"name": "108813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108813"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12476",
"datePublished": "2019-06-17T17:02:28",
"dateReserved": "2019-05-30T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28987 (GCVE-0-2022-28987)
Vulnerability from cvelistv5
Published
2022-05-20 02:10
Modified
2024-08-03 06:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:58.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-01T23:36:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md",
"refsource": "MISC",
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md"
},
{
"name": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py",
"refsource": "MISC",
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py"
},
{
"name": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28987",
"datePublished": "2022-05-20T02:10:39",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-08-03T06:10:58.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3779 (GCVE-0-2014-3779)
Vulnerability from cvelistv5
Published
2015-01-07 18:00
Modified
2024-08-06 10:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:16.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "adselfserviceplus-cve20143779-xss(99612)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "adselfserviceplus-cve20143779-xss(99612)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "adselfserviceplus-cve20143779-xss(99612)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612"
},
{
"name": "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3779",
"datePublished": "2015-01-07T18:00:00",
"dateReserved": "2014-05-19T00:00:00",
"dateUpdated": "2024-08-06T10:57:16.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37423 (GCVE-0-2021-37423)
Vulnerability from cvelistv5
Published
2021-09-10 14:55
Modified
2024-08-04 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T14:55:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37423",
"datePublished": "2021-09-10T14:55:33",
"dateReserved": "2021-07-23T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24681 (GCVE-0-2022-24681)
Vulnerability from cvelistv5
Published
2022-04-07 21:49
Modified
2024-08-03 04:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:49.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raxis.com/blog/cve-2022-24681"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T17:34:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raxis.com/blog/cve-2022-24681"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://manageengine.com",
"refsource": "MISC",
"url": "https://manageengine.com"
},
{
"name": "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html"
},
{
"name": "https://raxis.com/blog/cve-2022-24681",
"refsource": "MISC",
"url": "https://raxis.com/blog/cve-2022-24681"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24681",
"datePublished": "2022-04-07T21:49:29",
"dateReserved": "2022-02-09T00:00:00",
"dateUpdated": "2024-08-03T04:20:49.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28810 (GCVE-0-2022-28810)
Vulnerability from cvelistv5
Published
2022-04-18 12:22
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16475"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28810",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:32:49.670627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-03-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-28810"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:43.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2023-03-07T00:00:00+00:00",
"value": "CVE-2022-28810 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-21T17:52:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16475"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html"
},
{
"name": "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/16475",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/16475"
},
{
"name": "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28810",
"datePublished": "2022-04-18T12:22:59.000Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:37:43.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12876 (GCVE-0-2019-12876)
Vulnerability from cvelistv5
Published
2019-07-17 19:46
Modified
2024-08-04 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
},
{
"name": "109298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109298"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-19T12:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
},
{
"name": "109298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109298"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
},
{
"name": "109298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109298"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12876",
"datePublished": "2019-07-17T19:46:17",
"dateReserved": "2019-06-18T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7162 (GCVE-0-2019-7162)
Vulnerability from cvelistv5
Published
2019-12-31 14:10
Modified
2025-05-30 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:33.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T16:01:21.821Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/"
},
{
"url": "https://www.excellium-services.com/cert-xlm-advisory"
},
{
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7162"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/",
"refsource": "MISC",
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7162",
"datePublished": "2019-12-31T14:10:58.000Z",
"dateReserved": "2019-01-29T00:00:00.000Z",
"dateUpdated": "2025-05-30T16:01:21.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37417 (GCVE-0-2021-37417)
Vulnerability from cvelistv5
Published
2021-08-30 18:25
Modified
2024-08-04 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:04.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37417/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T18:25:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37417/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.stmcyber.com/vulns/cve-2021-37417/",
"refsource": "MISC",
"url": "https://blog.stmcyber.com/vulns/cve-2021-37417/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37417",
"datePublished": "2021-08-30T18:25:43",
"dateReserved": "2021-07-23T00:00:00",
"dateUpdated": "2024-08-04T01:16:04.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37416 (GCVE-0-2021-37416)
Vulnerability from cvelistv5
Published
2021-08-30 18:18
Modified
2024-08-04 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37416/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T18:18:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37416/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.stmcyber.com/vulns/cve-2021-37416/",
"refsource": "MISC",
"url": "https://blog.stmcyber.com/vulns/cve-2021-37416/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37416",
"datePublished": "2021-08-30T18:18:14",
"dateReserved": "2021-07-23T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40539 (GCVE-0-2021-40539)
Vulnerability from cvelistv5
Published
2021-09-07 16:06
Modified
2025-07-30 01:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-40539",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T14:10:08.314401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40539"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:38:01.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-40539 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-27T06:06:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html"
},
{
"name": "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40539",
"datePublished": "2021-09-07T16:06:58.000Z",
"dateReserved": "2021-09-06T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:38:01.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36413 (GCVE-0-2022-36413)
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2025-02-25 15:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:33.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-36413.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T15:43:26.930131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T15:43:43.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-36413.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36413",
"datePublished": "2023-03-23T00:00:00.000Z",
"dateReserved": "2022-07-23T00:00:00.000Z",
"dateUpdated": "2025-02-25T15:43:43.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11511 (GCVE-0-2019-11511)
Vulnerability from cvelistv5
Published
2019-04-25 02:38
Modified
2024-08-04 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5708"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-03T19:49:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5708"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html#5708",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5708"
},
{
"name": "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/",
"refsource": "MISC",
"url": "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11511",
"datePublished": "2019-04-25T02:38:33",
"dateReserved": "2019-04-24T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6105 (GCVE-0-2023-6105)
Vulnerability from cvelistv5
Published
2023-11-15 20:57
Modified
2025-02-13 17:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | ManageEngine | Service Desk Plus |
Version: 0 < 14304 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2023-35"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Service Desk Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "14304",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Asset Explorer",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "7004",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Access Manager Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "14304",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.\u003cbr\u003e"
}
],
"value": "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:58:04.015Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-35"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ManageEngine Information Disclosure in Multiple Products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2023-6105",
"datePublished": "2023-11-15T20:57:47.981Z",
"dateReserved": "2023-11-13T15:10:28.339Z",
"dateUpdated": "2025-02-13T17:26:03.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18411 (GCVE-0-2019-18411)
Vulnerability from cvelistv5
Published
2019-11-06 21:48
Modified
2024-08-05 01:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users\u0027 profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T21:48:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users\u0027 profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae",
"refsource": "MISC",
"url": "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18411",
"datePublished": "2019-11-06T21:48:40",
"dateReserved": "2019-10-24T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18781 (GCVE-0-2019-18781)
Vulnerability from cvelistv5
Published
2019-12-18 21:02
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:38.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T21:02:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"name": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release",
"refsource": "CONFIRM",
"url": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18781",
"datePublished": "2019-12-18T21:02:47",
"dateReserved": "2019-11-06T00:00:00",
"dateUpdated": "2024-08-05T02:02:38.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24786 (GCVE-0-2020-24786)
Vulnerability from cvelistv5
Published
2020-08-31 14:02
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T14:02:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/data-security/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"name": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5",
"refsource": "MISC",
"url": "https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"name": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"name": "https://www.manageengine.com/products/eventlog/features-new.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24786",
"datePublished": "2020-08-31T14:02:05",
"dateReserved": "2020-08-28T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31874 (GCVE-0-2021-31874)
Vulnerability from cvelistv5
Published
2021-07-02 17:13
Modified
2024-08-03 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-31874/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:13:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-31874/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
},
{
"name": "https://blog.stmcyber.com/vulns/cve-2021-31874/",
"refsource": "MISC",
"url": "https://blog.stmcyber.com/vulns/cve-2021-31874/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31874",
"datePublished": "2021-07-02T17:13:22",
"dateReserved": "2021-04-29T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5353 (GCVE-0-2018-5353)
Vulnerability from cvelistv5
Published
2020-09-29 20:07
Modified
2024-08-05 05:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zoho.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/missing0x00/CVE-2018-5353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-29T20:07:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zoho.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/missing0x00/CVE-2018-5353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"name": "http://zoho.com",
"refsource": "MISC",
"url": "http://zoho.com"
},
{
"name": "https://github.com/missing0x00/CVE-2018-5353",
"refsource": "MISC",
"url": "https://github.com/missing0x00/CVE-2018-5353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5353",
"datePublished": "2020-09-29T20:07:22",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:33:44.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11552 (GCVE-0-2020-11552)
Vulnerability from cvelistv5
Published
2020-08-11 15:43
Modified
2024-08-04 11:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as a SYSTEM.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48739"
},
{
"name": "20200811 Re: [FD] ManageEngine ADSelfService Plus - Unauthenticated Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \\windows\\system32, cmd.exe can be launched as a SYSTEM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T21:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/48739"
},
{
"name": "20200811 Re: [FD] ManageEngine ADSelfService Plus - Unauthenticated Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \\windows\\system32, cmd.exe can be launched as a SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "http://seclists.org/fulldisclosure/2020/Aug/4",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Aug/4"
},
{
"name": "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support",
"refsource": "CONFIRM",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support"
},
{
"name": "https://www.exploit-db.com/exploits/48739",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/48739"
},
{
"name": "20200811 Re: [FD] ManageEngine ADSelfService Plus - Unauthenticated Remote Code Execution Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Aug/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11552",
"datePublished": "2020-08-11T15:43:14",
"dateReserved": "2020-04-05T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33055 (GCVE-0-2021-33055)
Vulnerability from cvelistv5
Published
2021-08-30 18:12
Modified
2024-08-03 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-33055/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T18:12:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-33055/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.stmcyber.com/vulns/cve-2021-33055/",
"refsource": "MISC",
"url": "https://blog.stmcyber.com/vulns/cve-2021-33055/"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released",
"refsource": "CONFIRM",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33055",
"datePublished": "2021-08-30T18:12:17",
"dateReserved": "2021-05-17T00:00:00",
"dateUpdated": "2024-08-03T23:42:19.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3905 (GCVE-0-2019-3905)
Vulnerability from cvelistv5
Published
2019-01-03 18:00
Modified
2025-05-30 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:26.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5703"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T16:01:10.565Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5703"
},
{
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/"
},
{
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-3905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html#5703",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5703"
},
{
"name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/",
"refsource": "MISC",
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-3905",
"datePublished": "2019-01-03T18:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2025-05-30T16:01:10.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29457 (GCVE-0-2022-29457)
Vulnerability from cvelistv5
Published
2022-04-18 19:47
Modified
2024-08-03 06:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T19:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"name": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability",
"refsource": "MISC",
"url": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability"
},
{
"name": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29457",
"datePublished": "2022-04-18T19:47:07",
"dateReserved": "2022-04-18T00:00:00",
"dateUpdated": "2024-08-03T06:26:05.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33256 (GCVE-0-2021-33256)
Vulnerability from cvelistv5
Published
2021-08-09 13:28
Modified
2024-08-03 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Report" as CSV file. Note: The vendor disputes this vulnerability, claiming "This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports \"User Attempts Audit Report\" as CSV file. Note: The vendor disputes this vulnerability, claiming \"This is not a valid vulnerability in our ADSSP product. We don\u0027t see this as a security issue at our side."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-25T18:14:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports \"User Attempts Audit Report\" as CSV file. Note: The vendor disputes this vulnerability, claiming \"This is not a valid vulnerability in our ADSSP product. We don\u0027t see this as a security issue at our side.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection",
"refsource": "MISC",
"url": "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33256",
"datePublished": "2021-08-09T13:28:42",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:42:20.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47966 (GCVE-0-2022-47966)
Vulnerability from cvelistv5
Published
2023-01-18 00:00
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"tags": [
"x_transferred"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47966",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:00:59.744032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-01-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-47966"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:32.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2023-01-23T00:00:00+00:00",
"value": "CVE-2022-47966 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T19:33:35.401Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47966",
"datePublished": "2023-01-18T00:00:00.000Z",
"dateReserved": "2022-12-26T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:37:32.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3272 (GCVE-0-2010-3272)
Vulnerability from cvelistv5
Published
2011-02-17 17:00
Modified
2024-08-07 03:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43241"
},
{
"name": "ADV-2011-0392",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "adselfservice-pwr-weak-security(65350)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46331"
},
{
"name": "70870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43241"
},
{
"name": "ADV-2011-0392",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "adselfservice-pwr-weak-security(65350)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46331"
},
{
"name": "70870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43241"
},
{
"name": "ADV-2011-0392",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "adselfservice-pwr-weak-security(65350)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350"
},
{
"name": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46331"
},
{
"name": "70870",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3272",
"datePublished": "2011-02-17T17:00:00",
"dateReserved": "2010-09-09T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20664 (GCVE-0-2018-20664)
Vulnerability from cvelistv5
Published
2019-01-03 18:00
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5701"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T18:57:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5701"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html#5701",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5701"
},
{
"name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/",
"refsource": "MISC",
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20664",
"datePublished": "2019-01-03T18:00:00",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3274 (GCVE-0-2010-3274)
Vulnerability from cvelistv5
Published
2011-02-17 17:00
Modified
2024-08-07 03:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43241"
},
{
"name": "70872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70872"
},
{
"name": "ADV-2011-0392",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "adselfservice-employeesearch-xss(65349)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349"
},
{
"name": "70871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43241"
},
{
"name": "70872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70872"
},
{
"name": "ADV-2011-0392",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "adselfservice-employeesearch-xss(65349)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349"
},
{
"name": "70871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43241"
},
{
"name": "70872",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70872"
},
{
"name": "ADV-2011-0392",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "adselfservice-employeesearch-xss(65349)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349"
},
{
"name": "70871",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70871"
},
{
"name": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3274",
"datePublished": "2011-02-17T17:00:00",
"dateReserved": "2010-09-09T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7161 (GCVE-0-2019-7161)
Vulnerability from cvelistv5
Published
2019-03-18 20:39
Modified
2025-05-30 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:33.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T16:01:16.222Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/"
},
{
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"url": "https://www.excellium-services.com/cert-xlm-advisory"
},
{
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7161"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/",
"refsource": "MISC",
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/"
},
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7161",
"datePublished": "2019-03-18T20:39:46.000Z",
"dateReserved": "2019-01-29T00:00:00.000Z",
"dateUpdated": "2025-05-30T16:01:16.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27310 (GCVE-0-2024-27310)
Vulnerability from cvelistv5
Published
2024-05-27 17:26
Modified
2024-10-07 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Summary
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADSelfService Plus |
Version: 0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "manageengine_adselfservice_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThanOrEqual": "builds_6400",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T16:52:11.510173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T14:02:04.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADSelfService Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "6401",
"status": "affected",
"version": "0",
"versionType": "14730"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zoho ManageEngine\u0026nbsp;ADSelfService Plus versions below\u0026nbsp;6401 are vulnerable to the DOS attack due to the malicious LDAP input."
}
],
"value": "Zoho ManageEngine\u00a0ADSelfService Plus versions below\u00a06401 are vulnerable to the DOS attack due to the malicious LDAP input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T19:44:05.359Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DOS Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-27310",
"datePublished": "2024-05-27T17:26:14.229Z",
"dateReserved": "2024-02-23T06:13:18.186Z",
"dateUpdated": "2024-10-07T19:44:05.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11518 (GCVE-0-2020-11518)
Vulnerability from cvelistv5
Published
2020-04-04 13:25
Modified
2024-08-04 11:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:12.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-04T13:25:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11518",
"datePublished": "2020-04-04T13:25:34",
"dateReserved": "2020-04-04T00:00:00",
"dateUpdated": "2024-08-04T11:35:12.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20485 (GCVE-0-2018-20485)
Vulnerability from cvelistv5
Published
2018-12-26 18:00
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-10T17:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"name": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20485",
"datePublished": "2018-12-26T18:00:00",
"dateReserved": "2018-12-26T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5105 (GCVE-0-2011-5105)
Vulnerability from cvelistv5
Published
2012-08-23 20:00
Modified
2024-08-07 00:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:40.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jameswebb.me/vulns/vrpth-2011-001.txt"
},
{
"name": "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded"
},
{
"name": "manageengine-adselfservice-xss(71395)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395"
},
{
"name": "50717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jameswebb.me/vulns/vrpth-2011-001.txt"
},
{
"name": "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded"
},
{
"name": "manageengine-adselfservice-xss(71395)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395"
},
{
"name": "50717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jameswebb.me/vulns/vrpth-2011-001.txt",
"refsource": "MISC",
"url": "http://jameswebb.me/vulns/vrpth-2011-001.txt"
},
{
"name": "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded"
},
{
"name": "manageengine-adselfservice-xss(71395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395"
},
{
"name": "50717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5105",
"datePublished": "2012-08-23T20:00:00",
"dateReserved": "2012-08-23T00:00:00",
"dateUpdated": "2024-08-07T00:23:40.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34829 (GCVE-0-2022-34829)
Vulnerability from cvelistv5
Published
2022-07-04 19:25
Modified
2024-08-03 09:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T19:25:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34829",
"datePublished": "2022-07-04T19:25:01",
"dateReserved": "2022-06-29T00:00:00",
"dateUpdated": "2024-08-03T09:22:10.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37422 (GCVE-0-2021-37422)
Vulnerability from cvelistv5
Published
2021-09-10 15:06
Modified
2024-08-04 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T15:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37422",
"datePublished": "2021-09-10T15:06:01",
"dateReserved": "2021-07-23T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35719 (GCVE-0-2023-35719)
Vulnerability from cvelistv5
Published
2023-09-06 04:03
Modified
2024-09-26 20:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADSelfService Plus |
Version: 6.1 Build 6122 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:44.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Zero Day Initiative Security Advisory ZDI-23-891",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-891"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T20:23:54.363071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:24:03.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ADSelfService Plus",
"vendor": "ManageEngine",
"versions": [
{
"status": "affected",
"version": "6.1 Build 6122"
}
]
}
],
"dateAssigned": "2023-06-15T15:31:13.921-05:00",
"datePublic": "2023-06-21T15:20:55.928-05:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T19:54:06.718Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "Zero Day Initiative Security Advisory ZDI-23-891",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-891"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html"
}
],
"source": {
"lang": "en",
"value": "Pedro Ribeiro (pedrib@gmail.com | @pedrib1337), Jo\u00e3o Bigotte and Ashley King from Agile Information Security"
},
"title": "ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-35719",
"datePublished": "2023-09-06T04:03:08.608Z",
"dateReserved": "2023-06-15T20:23:02.753Z",
"dateUpdated": "2024-09-26T20:24:03.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0252 (GCVE-0-2024-0252)
Vulnerability from cvelistv5
Published
2024-01-11 07:57
Modified
2025-06-17 21:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADSelfService Plus |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-25T05:00:52.762305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:15.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/download.html",
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "ADSelfService Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "6402",
"status": "affected",
"version": "0",
"versionType": "6401"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ManageEngine ADSelfService Plus versions\u0026nbsp;6401\u0026nbsp;and below are vulnerable to the remote code execution due to the improper handling in the load \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ebalancer\u003c/span\u003e component. Authentication is required in order to exploit this vulnerability."
}
],
"value": "ManageEngine ADSelfService Plus versions\u00a06401\u00a0and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T08:23:43.403Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Remote code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-0252",
"datePublished": "2024-01-11T07:57:12.987Z",
"dateReserved": "2024-01-05T17:59:42.780Z",
"dateUpdated": "2025-06-17T21:09:15.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-02-17 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/43241 | Vendor Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/8089 | ||
| cve@mitre.org | http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities | Exploit | |
| cve@mitre.org | http://www.osvdb.org/70869 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/516396/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/46331 | Exploit | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0392 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/65348 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43241 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8089 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/70869 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/516396/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46331 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0392 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/65348 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A75087-E063-4DDE-8C0A-296A2F3A29FD",
"versionEndIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus anterior a v4.5 Build 4500 permite a atacantes remotos restablecer las contrase\u00f1as de usuario, y en consecuencia obtener acceso a cuentas de usuario arbitrarias al proporcionar un identificador de usuario a accounts/ValidateUser, y, a continuaci\u00f3n proporcionando una nueva contrase\u00f1a para accounts/ResetResult."
}
],
"id": "CVE-2010-3273",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-17T18:00:02.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43241"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8089"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/70869"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/46331"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/46331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-23 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://jameswebb.me/vulns/vrpth-2011-001.txt | Exploit | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/520562/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/50717 | Exploit | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/71395 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jameswebb.me/vulns/vrpth-2011-001.txt | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/520562/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/50717 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/71395 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "028A58B1-855D-41F4-9792-4CE4ADE9783E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en EmployeeSearch.cc en ZOHO ManageEngine ADSelfService Plus v4.5 Build 4521 permite a atacantes remotos inyectar c\u00f3digo web o HTML arbitrario a trav\u00e9s de los par\u00e1metros (1) searchType y (2) searchString, una vulnerabilidad diferente de CVE-2010-3274."
}
],
"id": "CVE-2011-5105",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-23T20:55:02.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://jameswebb.me/vulns/vrpth-2011-001.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/50717"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://jameswebb.me/vulns/vrpth-2011-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/50717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-04 14:15
Modified
2024-11-21 04:58
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7380E0EF-684C-487E-B343-672248D8642E",
"versionEndIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "09718DA2-31D3-4CC3-B95D-6A8BE6233700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*",
"matchCriteriaId": "A217F6ED-BC7F-46B7-9D43-D75A3D416322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*",
"matchCriteriaId": "562397B8-DF54-4585-81B4-3F89816CC8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*",
"matchCriteriaId": "319E6B84-4D6C-45D2-BF5A-8461202C4463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*",
"matchCriteriaId": "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*",
"matchCriteriaId": "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*",
"matchCriteriaId": "94E70435-5332-48F3-9602-FCA1EFB617BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*",
"matchCriteriaId": "AC040DA3-91BB-41CD-ADE3-D2AA0537516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*",
"matchCriteriaId": "8E71EE09-F2D6-4981-A962-14DAC49A9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*",
"matchCriteriaId": "4709685D-CCF0-4444-99B8-4DC6E3D53A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*",
"matchCriteriaId": "13599F95-25B2-4C21-8174-DA966A49249B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*",
"matchCriteriaId": "D2CB6693-492A-4607-9D9C-15C746E12864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*",
"matchCriteriaId": "35238419-A73A-4333-9F3D-481FAA1D167C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*",
"matchCriteriaId": "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*",
"matchCriteriaId": "4E0B4F11-A1E8-4D21-9707-8639A3040840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*",
"matchCriteriaId": "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones anteriores a 5815, permite una ejecuci\u00f3n de c\u00f3digo remota no autenticada."
}
],
"id": "CVE-2020-11518",
"lastModified": "2024-11-21T04:58:03.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-04T14:15:11.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-27 18:15
Modified
2024-11-27 16:25
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9A77AF-9D42-42A2-84F3-4307E46D917F",
"versionEndExcluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400:*:*:*:*:*:*",
"matchCriteriaId": "0FCE8818-79BB-41F7-9D2E-43FEE698B325",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine\u00a0ADSelfService Plus versions below\u00a06401 are vulnerable to the DOS attack due to the malicious LDAP input."
},
{
"lang": "es",
"value": "Las versiones de Zoho ManageEngine ADSelfService Plus inferiores a 6401 son vulnerables al ataque de DOS debido a la consulta LDAP maliciosa."
}
],
"id": "CVE-2024-27310",
"lastModified": "2024-11-27T16:25:10.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-27T18:15:09.693",
"references": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html"
}
],
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-90"
}
],
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-17 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/43241 | Vendor Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/8089 | ||
| cve@mitre.org | http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities | Exploit | |
| cve@mitre.org | http://www.osvdb.org/70870 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/516396/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/46331 | Exploit | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0392 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/65350 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43241 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8089 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/70870 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/516396/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46331 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0392 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/65350 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A75087-E063-4DDE-8C0A-296A2F3A29FD",
"versionEndIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action."
},
{
"lang": "es",
"value": "accounts/ValidateAnswers en la implementaci\u00f3n de seguridad-preguntas en Zoho ManageEngine ADSelfService Plus anterior a v4.5 Build 4500 facilita a los atacantes remotos restablecer las contrase\u00f1as de usuario, y en consecuencia obtener acceso a cuentas de usuario arbitrarias, a trav\u00e9s de una modificaci\u00f3n de los par\u00e1metros (1) Hide_Captcha o (2) quesList en una acci\u00f3n validateAll."
}
],
"id": "CVE-2010-3272",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-17T18:00:02.120",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43241"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8089"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/70870"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/46331"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/46331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-02 18:15
Modified
2024-11-21 06:06
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-31874/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-31874/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6104, en raras situaciones, permite a atacantes obtener informaci\u00f3n confidencial sobre la aplicaci\u00f3n de base de datos de sincronizaci\u00f3n de contrase\u00f1as"
}
],
"id": "CVE-2021-31874",
"lastModified": "2024-11-21T06:06:24.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-02T18:15:09.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-31874/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-31874/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-07 22:15
Modified
2024-11-21 06:50
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://manageengine.com | Product | |
| cve@mitre.org | https://raxis.com/blog/cve-2022-24681 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://raxis.com/blog/cve-2022-24681 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*",
"matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*",
"matchCriteriaId": "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*",
"matchCriteriaId": "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*",
"matchCriteriaId": "2EC89DCA-D24A-46BB-8086-C306BB4CDABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*",
"matchCriteriaId": "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*",
"matchCriteriaId": "E319DA11-0C76-4F52-A197-FFBF4F30BB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*",
"matchCriteriaId": "B928577F-3183-4305-9009-A8C6970477D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*",
"matchCriteriaId": "CE6F33B5-418E-4B38-81EB-090E4F3AF89A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6121, permite un ataque de tipo XSS por medio del atributo welcome name en la pantalla Reset Password, Unlock Account, o User Must Change Password"
}
],
"id": "CVE-2022-24681",
"lastModified": "2024-11-21T06:50:51.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-07T22:15:07.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://raxis.com/blog/cve-2022-24681"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://raxis.com/blog/cve-2022-24681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-05 19:15
Modified
2025-02-13 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.4 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "ADB66864-2B10-4693-89C5-F13AADCAF0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "36A2372E-DD10-455D-90C9-C8B5EBA52D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "212A1978-367C-417E-B887-6C957B76578C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522:*:*:*:*:*:*",
"matchCriteriaId": "1261129B-F0FD-4849-A8D9-9CBD99910FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531:*:*:*:*:*:*",
"matchCriteriaId": "087A729A-A175-4CE5-AF87-510E51125C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540:*:*:*:*:*:*",
"matchCriteriaId": "EFBB3F80-C322-4015-897D-12736CED3077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543:*:*:*:*:*:*",
"matchCriteriaId": "B3D55605-AD61-4D63-BCA9-CAD95020813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544:*:*:*:*:*:*",
"matchCriteriaId": "327F7E10-4704-46D9-A82A-8E799181D0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550:*:*:*:*:*:*",
"matchCriteriaId": "F515AB67-A302-4A95-BC99-F7F26BA67B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560:*:*:*:*:*:*",
"matchCriteriaId": "97E1E2BD-1AE1-4128-84B3-80A5F8D74A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570:*:*:*:*:*:*",
"matchCriteriaId": "C8D9FAD8-419D-4489-AAF7-96953CDB595B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571:*:*:*:*:*:*",
"matchCriteriaId": "04373F72-E36E-4EFD-8215-C6CF44464DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572:*:*:*:*:*:*",
"matchCriteriaId": "126040DD-08A6-45B4-8A41-E47DAF8716FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580:*:*:*:*:*:*",
"matchCriteriaId": "595F8E5F-068B-4526-A76F-D40EADC56135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590:*:*:*:*:*:*",
"matchCriteriaId": "C8608BDC-21B0-4C4C-9C1E-540FDCA13671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591:*:*:*:*:*:*",
"matchCriteriaId": "3AA24300-1217-4DFA-8247-CF1B83B47C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592:*:*:*:*:*:*",
"matchCriteriaId": "AE175D32-95D7-451F-88C0-492B4C827CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*",
"matchCriteriaId": "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*",
"matchCriteriaId": "DAD07524-564F-4559-9F6D-EB8961380A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*",
"matchCriteriaId": "76480E2A-FD99-4902-99D3-847136451618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*",
"matchCriteriaId": "D117C2AE-B396-46AD-9421-23750F9D6CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*",
"matchCriteriaId": "6B9F5FCF-BECA-424C-86C8-4769797AEB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*",
"matchCriteriaId": "6A014DF4-0353-4117-927B-C7950D92EEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*",
"matchCriteriaId": "EC6163AF-1A41-4372-8D9B-985BB338B9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*",
"matchCriteriaId": "2387D138-C8F5-4DC1-A51E-629F9D96F4ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*",
"matchCriteriaId": "0504B6B8-AFA0-418E-AA86-057F4FD01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*",
"matchCriteriaId": "78CA1BE6-6ACF-42B4-B603-9764A8B81555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*",
"matchCriteriaId": "69866794-C599-49F7-8071-789DA3308AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*",
"matchCriteriaId": "850DCAC9-D98E-40C1-A748-88E257F09388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48B406DA-32D5-4343-B859-FB463B01CFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4523A4D2-1E40-4A14-81D7-820A2C81C90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*",
"matchCriteriaId": "F4C03D7C-0EEC-4C66-8705-F69909483048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "9431C11F-E153-4298-8A1B-2CDF677A1428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*",
"matchCriteriaId": "557B4FD6-B1BD-47B4-87B8-7096B99695B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF829-DA42-4C87-AB14-B03BD0AFB177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*",
"matchCriteriaId": "C74D8FDF-04B3-4B03-9110-27683E2329FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*",
"matchCriteriaId": "5C376A34-DC80-4080-9B53-37D954B6F00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4613CD78-8A7D-4382-9975-1BE698E6C2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "9F32937B-9B1D-495F-812A-BEBAF3C67540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*",
"matchCriteriaId": "5683B22F-54D1-4C53-8378-3500ADB4AD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "08147E4E-6064-44D6-AF7C-1EB584A7CD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "E0B110D0-A1BF-486B-A5C4-5927877C1258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*",
"matchCriteriaId": "1C52392E-72C9-4F74-AECE-B20C0259E37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*",
"matchCriteriaId": "38A4BE4A-B607-483E-AE79-8FF17BEF60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*",
"matchCriteriaId": "3B2ABFA6-4506-42F8-B458-9EB83C8312DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*",
"matchCriteriaId": "B19B98B7-85D3-4D44-9853-1CD69586BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5116:*:*:*:*:*:*",
"matchCriteriaId": "8A012C70-3CD6-46C7-AEE7-9D5763C5AC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*",
"matchCriteriaId": "2EFDF89F-54BE-4D72-B95D-12127D8B35A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*",
"matchCriteriaId": "E4DD32D9-A0CA-4434-A8CF-121942FDF152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*",
"matchCriteriaId": "F86FFDB3-B19E-438E-8E5C-6D4994A29B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*",
"matchCriteriaId": "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*",
"matchCriteriaId": "4921142A-2D9F-40BE-9640-44037667FB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*",
"matchCriteriaId": "0909BEDE-D384-4719-87C7-4748E70669D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*",
"matchCriteriaId": "43969BCD-92A9-4181-9BE7-9A370FF0EA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*",
"matchCriteriaId": "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*",
"matchCriteriaId": "190837F9-E545-4576-8660-76837BFBA127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*",
"matchCriteriaId": "6C379810-C027-4443-BA2F-C72A0AFE9074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*",
"matchCriteriaId": "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*",
"matchCriteriaId": "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*",
"matchCriteriaId": "6191E179-7D42-4D9A-AF78-B87DBC198B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*",
"matchCriteriaId": "01FC1A37-2AB7-4212-A93A-58021592FF67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*",
"matchCriteriaId": "96287289-2736-4197-B325-9D58EFDD6A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*",
"matchCriteriaId": "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*",
"matchCriteriaId": "E2437FCD-F77F-4103-914C-20C54C3E088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*",
"matchCriteriaId": "45F52278-27B0-431E-8FF0-E3A5F68D513D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*",
"matchCriteriaId": "E231C429-0C6D-4DA6-8D89-DB888493F741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*",
"matchCriteriaId": "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*",
"matchCriteriaId": "999D1D05-D8D7-445E-AAF7-B14769001928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*",
"matchCriteriaId": "CC29D099-13A7-48F5-8A8A-6A564B972D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*",
"matchCriteriaId": "AFAACD50-F964-48EB-8C71-856501FA5BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*",
"matchCriteriaId": "E52DD6D8-DCB5-470E-9F77-653552A5436B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*",
"matchCriteriaId": "1E41D887-5E33-4D94-9C9C-7385D7D777E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*",
"matchCriteriaId": "352966E5-E938-4FA4-A41B-2D95C0E233ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*",
"matchCriteriaId": "2C234A10-9D5A-4C47-92F1-82DA80F5B310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*",
"matchCriteriaId": "8E1516F7-D152-4D9C-92D3-4BD68D77475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*",
"matchCriteriaId": "BDDFB075-FA1B-47B9-B2EC-80228C20F042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*",
"matchCriteriaId": "9A55F076-4CED-4BFC-B87D-A2AE950F78CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*",
"matchCriteriaId": "50ACF821-D09A-40B9-95A6-BC8DED3460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*",
"matchCriteriaId": "E0949C30-651A-4646-B215-38AE86F719F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*",
"matchCriteriaId": "2DA8E108-49A7-4281-A938-ED1C1E4890B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*",
"matchCriteriaId": "3B631D21-372B-4B68-B467-F1A5616C5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*",
"matchCriteriaId": "26BC3F05-FC81-45E4-9D23-864C9B9FF47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*",
"matchCriteriaId": "1BBF87A7-2A53-418D-BB27-D55B10564894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*",
"matchCriteriaId": "9343B338-953B-4E7D-9CD2-00781FFE3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*",
"matchCriteriaId": "9966E015-590E-4CAD-AEE9-F06E1B34A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*",
"matchCriteriaId": "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*",
"matchCriteriaId": "04BB508C-91EA-43A3-B4AC-A7591801F387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "7C6C9325-7A0B-4CFF-BBFB-39C1C6F7B0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "2B71FA9F-0FC4-4D12-B595-AC529878BC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "0979E79B-936C-4787-8E0A-9F7F43A8A748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "673E69A8-71BA-49EC-B1AE-931736C6BF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "141FB02E-695F-484E-8FF6-C334C11F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*",
"matchCriteriaId": "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*",
"matchCriteriaId": "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*",
"matchCriteriaId": "942DC320-20A3-4CBF-BF94-390A9163FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*",
"matchCriteriaId": "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*",
"matchCriteriaId": "600E4C41-B1E1-468D-BA1A-489D0CE5F565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*",
"matchCriteriaId": "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*",
"matchCriteriaId": "E41D8FA9-5D9D-4102-B117-40354F847403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*",
"matchCriteriaId": "8E620B19-0286-4723-91C4-848B6C453509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*",
"matchCriteriaId": "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*",
"matchCriteriaId": "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*",
"matchCriteriaId": "E7A0FC78-73CE-48CE-BD68-74C095F5B052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*",
"matchCriteriaId": "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*",
"matchCriteriaId": "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*",
"matchCriteriaId": "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*",
"matchCriteriaId": "BF029B3F-93BE-44D3-B8E8-65F18A4F6632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*",
"matchCriteriaId": "C054330B-8344-437B-893F-AD844BCA3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*",
"matchCriteriaId": "CA7A820D-17C3-4F20-B4C4-9068F9594786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*",
"matchCriteriaId": "DEA0897C-62CE-401A-B940-4CA47A0BDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*",
"matchCriteriaId": "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*",
"matchCriteriaId": "269B1711-8110-4177-8CF2-AD9F1D9E20AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*",
"matchCriteriaId": "39DFD696-3A7F-4003-9F87-458891B787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*",
"matchCriteriaId": "C15E39AA-79CE-48A7-9629-AC75EC444B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*",
"matchCriteriaId": "2592E246-7208-4CC5-8004-D2AEAB45380C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*",
"matchCriteriaId": "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*",
"matchCriteriaId": "41EB109A-9CF3-498C-93B2-07A31D3CB09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*",
"matchCriteriaId": "FE8675BC-B0AA-4067-B079-FCAE97519B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "59408AE1-F8C3-48A7-BF31-ABB4173E42D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "82FD8A24-2D01-4D2A-ADDE-51EBCC189332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "3CDD178D-9CE8-4FC9-8388-BB89DC949924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "4F3F2942-54CE-41A9-909B-8D5CE515A7FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "996B4FAB-C1FA-42D9-BAB2-EC4CD2394D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*",
"matchCriteriaId": "20D1E7EE-8977-4010-AF5D-843A44853363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "09718DA2-31D3-4CC3-B95D-6A8BE6233700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*",
"matchCriteriaId": "A217F6ED-BC7F-46B7-9D43-D75A3D416322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*",
"matchCriteriaId": "562397B8-DF54-4585-81B4-3F89816CC8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*",
"matchCriteriaId": "319E6B84-4D6C-45D2-BF5A-8461202C4463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*",
"matchCriteriaId": "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*",
"matchCriteriaId": "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*",
"matchCriteriaId": "94E70435-5332-48F3-9602-FCA1EFB617BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*",
"matchCriteriaId": "AC040DA3-91BB-41CD-ADE3-D2AA0537516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*",
"matchCriteriaId": "8E71EE09-F2D6-4981-A962-14DAC49A9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*",
"matchCriteriaId": "4709685D-CCF0-4444-99B8-4DC6E3D53A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*",
"matchCriteriaId": "13599F95-25B2-4C21-8174-DA966A49249B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*",
"matchCriteriaId": "D2CB6693-492A-4607-9D9C-15C746E12864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*",
"matchCriteriaId": "35238419-A73A-4333-9F3D-481FAA1D167C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*",
"matchCriteriaId": "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*",
"matchCriteriaId": "4E0B4F11-A1E8-4D21-9707-8639A3040840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*",
"matchCriteriaId": "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*",
"matchCriteriaId": "7F229F49-EA44-4D0A-855B-FC586CE8CFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*",
"matchCriteriaId": "07AED2F0-F527-4B4A-82FC-F571899F3738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "86396EFE-E4E1-42DB-A206-9D44B977DB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "1ECD4B6F-D157-4AA6-A288-AF85ECFE3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "89042E18-91F4-4EB7-9276-251A94529D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "0215A848-4170-42E0-9711-E9922CE82CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "4E738DAF-2E66-4D0F-9A8E-B988A51E17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6004:*:*:*:*:*:*",
"matchCriteriaId": "A5D87211-8D8F-420A-AAAC-296FCD214CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6005:*:*:*:*:*:*",
"matchCriteriaId": "D8C120A3-C62A-4F39-BB9C-546C7AC57D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6006:*:*:*:*:*:*",
"matchCriteriaId": "301FC0FF-8064-470E-BFAA-CC54078D1044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6007:*:*:*:*:*:*",
"matchCriteriaId": "AAAF70B7-53FA-41EF-8558-EAC27EF35AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6008:*:*:*:*:*:*",
"matchCriteriaId": "821E2F3D-5B0C-4985-9934-F80E163EC1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6009:*:*:*:*:*:*",
"matchCriteriaId": "0FFD43E2-8C28-4423-8660-8C9FC996C339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6012:*:*:*:*:*:*",
"matchCriteriaId": "E9497B19-1845-44C5-8868-332DDE6DD1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6013:*:*:*:*:*:*",
"matchCriteriaId": "C5A5D3A5-E2C6-43A3-9142-F5FE23BCB3E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*",
"matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*",
"matchCriteriaId": "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*",
"matchCriteriaId": "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*",
"matchCriteriaId": "2EC89DCA-D24A-46BB-8086-C306BB4CDABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*",
"matchCriteriaId": "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*",
"matchCriteriaId": "E319DA11-0C76-4F52-A197-FFBF4F30BB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*",
"matchCriteriaId": "B928577F-3183-4305-9009-A8C6970477D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*",
"matchCriteriaId": "CE6F33B5-418E-4B38-81EB-090E4F3AF89A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6121:*:*:*:*:*:*",
"matchCriteriaId": "1DD9B2CF-8EBE-454D-8A81-873C0A8ACAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6122:*:*:*:*:*:*",
"matchCriteriaId": "D3EFB734-E7F3-482E-9A64-DD1A0A6B1E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6123:*:*:*:*:*:*",
"matchCriteriaId": "C15CB1F2-9172-48D6-AD64-EFBC97AB87B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*",
"matchCriteriaId": "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*",
"matchCriteriaId": "B1E4E7ED-317B-471D-B387-24BFE504FD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*",
"matchCriteriaId": "1518C214-71A7-4C97-BA40-95D98E0C78BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*",
"matchCriteriaId": "247ED04D-E067-4A18-8514-9CD635DF4F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*",
"matchCriteriaId": "8AC2C862-7709-44BF-9D0C-1BD63B381001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*",
"matchCriteriaId": "1E936706-E1D6-496A-8395-96706AF32F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*",
"matchCriteriaId": "CA25E9BB-DDB9-438C-890A-61264C10BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*",
"matchCriteriaId": "D71FF123-F797-4E0D-8167-DD4563733879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*",
"matchCriteriaId": "1156F671-D6BD-4FA2-924F-1802F157A025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*",
"matchCriteriaId": "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*",
"matchCriteriaId": "E870D833-28A7-45E1-9A6B-26A33D66B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6211:*:*:*:*:*:*",
"matchCriteriaId": "D7E0ED07-E432-47FD-A2B5-6F591FF2A64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6212:*:*:*:*:*:*",
"matchCriteriaId": "73E7D08E-E2AA-48AE-ABFF-0E46026B47FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6213:*:*:*:*:*:*",
"matchCriteriaId": "430B78F8-F860-4911-9F7E-710386BF2166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6214:*:*:*:*:*:*",
"matchCriteriaId": "E926BB96-B0F6-4FC7-BACE-F658FA63F868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6215:*:*:*:*:*:*",
"matchCriteriaId": "F5DC4C8C-41C8-45B2-A077-FB325F80E22F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6216:*:*:*:*:*:*",
"matchCriteriaId": "FB581F7E-EF4C-4BFF-AA29-1875F0280BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6217:*:*:*:*:*:*",
"matchCriteriaId": "016F55FB-5F14-451F-9F93-479426146925",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API."
}
],
"id": "CVE-2023-28342",
"lastModified": "2025-02-13T16:15:41.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-05T19:15:09.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-03 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-52 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-52 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9FC84E-958F-450A-8400-1C51E00231A4",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*",
"matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*",
"matchCriteriaId": "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*",
"matchCriteriaId": "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain."
},
{
"lang": "es",
"value": "ManageEngine ADSelfService Plus versiones anteriores a la compilaci\u00f3n 6116, almacena el archivo de pol\u00edtica de contrase\u00f1as para cada dominio bajo la ra\u00edz html/ web con un nombre de archivo predecible basado en el nombre del dominio. Cuando ADSSP est\u00e1 configurado con m\u00faltiples dominios de Windows, un usuario de un dominio puede obtener la pol\u00edtica de contrase\u00f1as de otro dominio al autenticarse en el servicio y enviando una petici\u00f3n especificando el archivo de pol\u00edtica de contrase\u00f1as del otro dominio"
}
],
"id": "CVE-2021-20148",
"lastModified": "2024-11-21T05:46:00.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-03T22:15:08.560",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-52"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-11 08:15
Modified
2024-11-21 08:46
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.4 | |
| zohocorp | manageengine_adselfservice_plus | 6.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9A77AF-9D42-42A2-84F3-4307E46D917F",
"versionEndExcluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400:*:*:*:*:*:*",
"matchCriteriaId": "0FCE8818-79BB-41F7-9D2E-43FEE698B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6401:*:*:*:*:*:*",
"matchCriteriaId": "FC18D7BD-91CC-4019-B429-BBA4353E8984",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADSelfService Plus versions\u00a06401\u00a0and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability."
},
{
"lang": "es",
"value": "Las versiones 6401 e inferiores de ManageEngine ADSelfService Plus son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo debido al manejo inadecuado en el componente del balanceador de carga."
}
],
"id": "CVE-2024-0252",
"lastModified": "2024-11-21T08:46:09.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-11T08:15:35.933",
"references": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html"
}
],
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-19 19:15
Modified
2024-11-21 05:57
Severity ?
Summary
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "86396EFE-E4E1-42DB-A206-9D44B977DB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "1ECD4B6F-D157-4AA6-A288-AF85ECFE3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "89042E18-91F4-4EB7-9276-251A94529D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "0215A848-4170-42E0-9711-E9922CE82CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "4E738DAF-2E66-4D0F-9A8E-B988A51E17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6004:*:*:*:*:*:*",
"matchCriteriaId": "A5D87211-8D8F-420A-AAAC-296FCD214CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6005:*:*:*:*:*:*",
"matchCriteriaId": "D8C120A3-C62A-4F39-BB9C-546C7AC57D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6006:*:*:*:*:*:*",
"matchCriteriaId": "301FC0FF-8064-470E-BFAA-CC54078D1044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6007:*:*:*:*:*:*",
"matchCriteriaId": "AAAF70B7-53FA-41EF-8558-EAC27EF35AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6008:*:*:*:*:*:*",
"matchCriteriaId": "821E2F3D-5B0C-4985-9934-F80E163EC1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6009:*:*:*:*:*:*",
"matchCriteriaId": "0FFD43E2-8C28-4423-8660-8C9FC996C339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6012:*:*:*:*:*:*",
"matchCriteriaId": "E9497B19-1845-44C5-8868-332DDE6DD1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6013:*:*:*:*:*:*",
"matchCriteriaId": "C5A5D3A5-E2C6-43A3-9142-F5FE23BCB3E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Server-side request forgery (SSRF) en el servlet ProductConfig en Zoho ManageEngine ADSelfService Plus versiones hasta 6013, permite a un atacante remoto no autenticado realizar peticiones HTTP ciegas o realizar un ataque de tipo Cross-site scripting (XSS) contra la interfaz administrativa por medio de una petici\u00f3n HTTP, una vulnerabilidad diferente a CVE-2019-3905"
}
],
"id": "CVE-2021-27214",
"lastModified": "2024-11-21T05:57:36.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-19T19:15:12.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizonsecurity.it/lang_EN/advisories/?a=20\u0026title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizonsecurity.it/lang_EN/advisories/?a=20\u0026title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-17 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/109298 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109298 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | 6.6.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_desktop_central | 10.0.380 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F04532BC-FBD0-4111-9213-3F044475CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "147F5946-E435-4EDF-B839-E1853C2F9DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.380:*:*:*:*:*:*:*",
"matchCriteriaId": "643C7F9E-F838-421C-BB13-ECCFDF073C91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 6.6.5, ADSelfService Plus versi\u00f3n 5.7, y DesktopCentral versi\u00f3n 10.0.380 tiene permisos no seguros, lo que conlleva a una escalada de privilegios desde los privilegios de bajo nivel hasta el sistema."
}
],
"id": "CVE-2019-12876",
"lastModified": "2024-11-21T04:23:45.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-17T20:15:11.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109298"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-10 16:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones 6111 y anteriores, es vulnerable a una inyecci\u00f3n SQL mientras se vinculan las bases de datos"
}
],
"id": "CVE-2021-37422",
"lastModified": "2024-11-21T06:15:07.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-10T16:15:07.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-30 18:15
Modified
2024-11-21 04:08
Severity ?
Summary
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://zoho.com | Vendor Advisory | |
| cve@mitre.org | https://github.com/missing0x00/CVE-2018-5353 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://zoho.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/missing0x00/CVE-2018-5353 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E862E48C-8EC8-477D-ACF9-5FFFAD844D39",
"versionEndExcluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "7C6C9325-7A0B-4CFF-BBFB-39C1C6F7B0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "2B71FA9F-0FC4-4D12-B595-AC529878BC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "0979E79B-936C-4787-8E0A-9F7F43A8A748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "673E69A8-71BA-49EC-B1AE-931736C6BF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "141FB02E-695F-484E-8FF6-C334C11F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*",
"matchCriteriaId": "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*",
"matchCriteriaId": "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*",
"matchCriteriaId": "942DC320-20A3-4CBF-BF94-390A9163FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*",
"matchCriteriaId": "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*",
"matchCriteriaId": "600E4C41-B1E1-468D-BA1A-489D0CE5F565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*",
"matchCriteriaId": "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*",
"matchCriteriaId": "E41D8FA9-5D9D-4102-B117-40354F847403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*",
"matchCriteriaId": "8E620B19-0286-4723-91C4-848B6C453509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*",
"matchCriteriaId": "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*",
"matchCriteriaId": "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*",
"matchCriteriaId": "E7A0FC78-73CE-48CE-BD68-74C095F5B052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*",
"matchCriteriaId": "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required"
},
{
"lang": "es",
"value": "El m\u00f3dulo GINA/CP personalizado en Zoho ManageEngine ADSelfService Plus versiones anteriores a 5.5 build 5517, permite a atacantes remotos ejecutar c\u00f3digo y escalar privilegios mediante una suplantaci\u00f3n de identidad.\u0026#xa0;No autentica el servidor deseado antes de abrir una ventana del navegador.\u0026#xa0;Un atacante no autenticado capaz de llevar a cabo un ataque de suplantaci\u00f3n de identidad puede redireccionar el navegador para que se ejecute en el contexto del proceso WinLogon.exe.\u0026#xa0;Si no se aplica la autenticaci\u00f3n a nivel de red, la vulnerabilidad puede ser explotada mediante RDP.\u0026#xa0;Adem\u00e1s, si el servidor web tiene un certificado configurado inapropiadamente, no se requiere ning\u00fan ataque de suplantaci\u00f3n de identidad"
}
],
"id": "CVE-2018-5353",
"lastModified": "2024-11-21T04:08:38.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-30T18:15:15.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://zoho.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/missing0x00/CVE-2018-5353"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://zoho.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/missing0x00/CVE-2018-5353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-03 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-52 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-52 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9FC84E-958F-450A-8400-1C51E00231A4",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*",
"matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*",
"matchCriteriaId": "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*",
"matchCriteriaId": "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists."
},
{
"lang": "es",
"value": "ManageEngine ADSelfService Plus versiones anteriores a la compilaci\u00f3n 6116, contiene una discrepancia de respuesta observable en la operaci\u00f3n UMCP de la ChangePasswordAPI. Esto permite a un atacante remoto no autenticado determinar si se presenta un usuario de dominio de Windows"
}
],
"id": "CVE-2021-20147",
"lastModified": "2024-11-21T05:46:00.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-03T22:15:08.503",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-52"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-24 17:29
Modified
2024-11-21 04:49
Severity ?
Summary
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.4 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*",
"matchCriteriaId": "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*",
"matchCriteriaId": "DAD07524-564F-4559-9F6D-EB8961380A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*",
"matchCriteriaId": "76480E2A-FD99-4902-99D3-847136451618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*",
"matchCriteriaId": "D117C2AE-B396-46AD-9421-23750F9D6CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*",
"matchCriteriaId": "6B9F5FCF-BECA-424C-86C8-4769797AEB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*",
"matchCriteriaId": "6A014DF4-0353-4117-927B-C7950D92EEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*",
"matchCriteriaId": "EC6163AF-1A41-4372-8D9B-985BB338B9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*",
"matchCriteriaId": "2387D138-C8F5-4DC1-A51E-629F9D96F4ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*",
"matchCriteriaId": "0504B6B8-AFA0-418E-AA86-057F4FD01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*",
"matchCriteriaId": "78CA1BE6-6ACF-42B4-B603-9764A8B81555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*",
"matchCriteriaId": "69866794-C599-49F7-8071-789DA3308AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*",
"matchCriteriaId": "850DCAC9-D98E-40C1-A748-88E257F09388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4523A4D2-1E40-4A14-81D7-820A2C81C90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*",
"matchCriteriaId": "F4C03D7C-0EEC-4C66-8705-F69909483048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "9431C11F-E153-4298-8A1B-2CDF677A1428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*",
"matchCriteriaId": "557B4FD6-B1BD-47B4-87B8-7096B99695B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF829-DA42-4C87-AB14-B03BD0AFB177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*",
"matchCriteriaId": "C74D8FDF-04B3-4B03-9110-27683E2329FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*",
"matchCriteriaId": "5C376A34-DC80-4080-9B53-37D954B6F00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4613CD78-8A7D-4382-9975-1BE698E6C2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "9F32937B-9B1D-495F-812A-BEBAF3C67540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*",
"matchCriteriaId": "5683B22F-54D1-4C53-8378-3500ADB4AD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "08147E4E-6064-44D6-AF7C-1EB584A7CD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "E0B110D0-A1BF-486B-A5C4-5927877C1258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*",
"matchCriteriaId": "1C52392E-72C9-4F74-AECE-B20C0259E37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*",
"matchCriteriaId": "38A4BE4A-B607-483E-AE79-8FF17BEF60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*",
"matchCriteriaId": "3B2ABFA6-4506-42F8-B458-9EB83C8312DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*",
"matchCriteriaId": "B19B98B7-85D3-4D44-9853-1CD69586BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*",
"matchCriteriaId": "2EFDF89F-54BE-4D72-B95D-12127D8B35A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*",
"matchCriteriaId": "E4DD32D9-A0CA-4434-A8CF-121942FDF152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*",
"matchCriteriaId": "F86FFDB3-B19E-438E-8E5C-6D4994A29B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*",
"matchCriteriaId": "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*",
"matchCriteriaId": "4921142A-2D9F-40BE-9640-44037667FB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*",
"matchCriteriaId": "0909BEDE-D384-4719-87C7-4748E70669D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*",
"matchCriteriaId": "43969BCD-92A9-4181-9BE7-9A370FF0EA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*",
"matchCriteriaId": "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*",
"matchCriteriaId": "190837F9-E545-4576-8660-76837BFBA127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*",
"matchCriteriaId": "6C379810-C027-4443-BA2F-C72A0AFE9074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*",
"matchCriteriaId": "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*",
"matchCriteriaId": "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*",
"matchCriteriaId": "6191E179-7D42-4D9A-AF78-B87DBC198B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*",
"matchCriteriaId": "01FC1A37-2AB7-4212-A93A-58021592FF67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*",
"matchCriteriaId": "96287289-2736-4197-B325-9D58EFDD6A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*",
"matchCriteriaId": "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*",
"matchCriteriaId": "E2437FCD-F77F-4103-914C-20C54C3E088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*",
"matchCriteriaId": "45F52278-27B0-431E-8FF0-E3A5F68D513D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*",
"matchCriteriaId": "E231C429-0C6D-4DA6-8D89-DB888493F741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*",
"matchCriteriaId": "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*",
"matchCriteriaId": "999D1D05-D8D7-445E-AAF7-B14769001928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*",
"matchCriteriaId": "CC29D099-13A7-48F5-8A8A-6A564B972D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*",
"matchCriteriaId": "AFAACD50-F964-48EB-8C71-856501FA5BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*",
"matchCriteriaId": "E52DD6D8-DCB5-470E-9F77-653552A5436B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*",
"matchCriteriaId": "1E41D887-5E33-4D94-9C9C-7385D7D777E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*",
"matchCriteriaId": "352966E5-E938-4FA4-A41B-2D95C0E233ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*",
"matchCriteriaId": "2C234A10-9D5A-4C47-92F1-82DA80F5B310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*",
"matchCriteriaId": "8E1516F7-D152-4D9C-92D3-4BD68D77475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*",
"matchCriteriaId": "BDDFB075-FA1B-47B9-B2EC-80228C20F042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*",
"matchCriteriaId": "9A55F076-4CED-4BFC-B87D-A2AE950F78CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*",
"matchCriteriaId": "50ACF821-D09A-40B9-95A6-BC8DED3460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*",
"matchCriteriaId": "E0949C30-651A-4646-B215-38AE86F719F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*",
"matchCriteriaId": "2DA8E108-49A7-4281-A938-ED1C1E4890B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*",
"matchCriteriaId": "3B631D21-372B-4B68-B467-F1A5616C5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*",
"matchCriteriaId": "26BC3F05-FC81-45E4-9D23-864C9B9FF47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*",
"matchCriteriaId": "1BBF87A7-2A53-418D-BB27-D55B10564894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*",
"matchCriteriaId": "9343B338-953B-4E7D-9CD2-00781FFE3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*",
"matchCriteriaId": "9966E015-590E-4CAD-AEE9-F06E1B34A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*",
"matchCriteriaId": "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*",
"matchCriteriaId": "04BB508C-91EA-43A3-B4AC-A7591801F387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "2B71FA9F-0FC4-4D12-B595-AC529878BC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "0979E79B-936C-4787-8E0A-9F7F43A8A748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "673E69A8-71BA-49EC-B1AE-931736C6BF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "141FB02E-695F-484E-8FF6-C334C11F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*",
"matchCriteriaId": "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*",
"matchCriteriaId": "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*",
"matchCriteriaId": "942DC320-20A3-4CBF-BF94-390A9163FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*",
"matchCriteriaId": "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*",
"matchCriteriaId": "600E4C41-B1E1-468D-BA1A-489D0CE5F565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*",
"matchCriteriaId": "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*",
"matchCriteriaId": "E41D8FA9-5D9D-4102-B117-40354F847403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*",
"matchCriteriaId": "8E620B19-0286-4723-91C4-848B6C453509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*",
"matchCriteriaId": "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*",
"matchCriteriaId": "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*",
"matchCriteriaId": "E7A0FC78-73CE-48CE-BD68-74C095F5B052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*",
"matchCriteriaId": "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*",
"matchCriteriaId": "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*",
"matchCriteriaId": "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*",
"matchCriteriaId": "BF029B3F-93BE-44D3-B8E8-65F18A4F6632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*",
"matchCriteriaId": "C054330B-8344-437B-893F-AD844BCA3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*",
"matchCriteriaId": "CA7A820D-17C3-4F20-B4C4-9068F9594786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*",
"matchCriteriaId": "DEA0897C-62CE-401A-B940-4CA47A0BDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*",
"matchCriteriaId": "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*",
"matchCriteriaId": "269B1711-8110-4177-8CF2-AD9F1D9E20AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*",
"matchCriteriaId": "39DFD696-3A7F-4003-9F87-458891B787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*",
"matchCriteriaId": "C15E39AA-79CE-48A7-9629-AC75EC444B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*",
"matchCriteriaId": "2592E246-7208-4CC5-8004-D2AEAB45380C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*",
"matchCriteriaId": "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*",
"matchCriteriaId": "41EB109A-9CF3-498C-93B2-07A31D3CB09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "59408AE1-F8C3-48A7-BF31-ABB4173E42D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user\u0027s AD self-service password reset and MFA token."
},
{
"lang": "es",
"value": "En Zoho ManageEngine ADSelfService Plus versi\u00f3n 5.x hasta 5704, una vulnerabilidad de tipo cross-site Scripting (XSS) en el archivo authorization.do permite una manipulaci\u00f3n no autenticada del c\u00f3digo JavaScript inyectando el formulario HTTP en el parametro adscsrf. Un atacante puede utilizar esto para capturar el restablecimiento de la contrase\u00f1a de autoservicio AD de un usuario y el token MFA."
}
],
"id": "CVE-2019-8346",
"lastModified": "2024-11-21T04:49:43.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-24T17:29:06.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-30 19:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-37416/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-37416/ | Release Notes, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones 6103 y anteriores, es vulnerable a un ataque de tipo XSS reflejado en la p\u00e1gina loadframe."
}
],
"id": "CVE-2021-37416",
"lastModified": "2024-11-21T06:15:07.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T19:15:08.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37416/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37416/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-30 19:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-37421/ | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-37421/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones 6103 y anteriores, son vulnerables a una evasi\u00f3n de la restricci\u00f3n de acceso al portal de administraci\u00f3n."
}
],
"id": "CVE-2021-37421",
"lastModified": "2024-11-21T06:15:07.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T19:15:09.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37421/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37421/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-26 18:29
Modified
2024-11-21 04:01
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html | ||
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:4500:*:*:*:*:*:*",
"matchCriteriaId": "796A4512-DC6E-42A1-9A57-D4F446A9BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5032:*:*:*:*:*:*",
"matchCriteriaId": "4C202C90-B792-4E0C-B7A9-C06FDB7C30DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5040:*:*:*:*:*:*",
"matchCriteriaId": "42F19FC5-6C75-458A-9B90-376D0D1B0C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5041:*:*:*:*:*:*",
"matchCriteriaId": "6DC23258-D431-40C0-9853-E08D36A225FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5100:*:*:*:*:*:*",
"matchCriteriaId": "D8AF9E70-E4F7-4BB1-9D49-33633AB9CE82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5101:*:*:*:*:*:*",
"matchCriteriaId": "D1174A0E-EFA2-4FAA-B42A-A0D4FAAD592D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5102:*:*:*:*:*:*",
"matchCriteriaId": "A99912DA-82E6-4FD6-8916-635637941335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5103:*:*:*:*:*:*",
"matchCriteriaId": "FC5FA48C-6B99-4B80-9256-694BD4174557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5104:*:*:*:*:*:*",
"matchCriteriaId": "6D860882-A106-4771-87DF-9ADE482F41DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5105:*:*:*:*:*:*",
"matchCriteriaId": "0DD127BF-200A-45F5-9357-5024C76E7B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5106:*:*:*:*:*:*",
"matchCriteriaId": "8D2143C4-D4A0-4AE5-86D2-D3DEFD27C9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5107:*:*:*:*:*:*",
"matchCriteriaId": "1745145D-493D-4181-B011-46490BBF5A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5108:*:*:*:*:*:*",
"matchCriteriaId": "8A9605CA-8368-47D1-964A-684E099212D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5109:*:*:*:*:*:*",
"matchCriteriaId": "109303F0-F6C6-4BC7-9011-BAAD6B1D043E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5110:*:*:*:*:*:*",
"matchCriteriaId": "39BC2BEF-89B7-48F0-BAFC-26B1DE0E7EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5111:*:*:*:*:*:*",
"matchCriteriaId": "BA12CCBE-5C43-4FF8-A9A5-63B91AA14C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5112:*:*:*:*:*:*",
"matchCriteriaId": "270B44CA-F153-4EF8-8E0B-276E80C8ADB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5113:*:*:*:*:*:*",
"matchCriteriaId": "6EC9A6C6-3D3E-411F-89EF-CAFCF66D8222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5114:*:*:*:*:*:*",
"matchCriteriaId": "CD55F212-950A-4421-9C73-80287647719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5115:*:*:*:*:*:*",
"matchCriteriaId": "61E19A98-DF1A-44B0-AB69-6822F9110FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5116:*:*:*:*:*:*",
"matchCriteriaId": "7AA56B14-E4B5-4373-81F3-ECFD30DC897B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5200:*:*:*:*:*:*",
"matchCriteriaId": "77F2C9F3-67ED-4337-9EC8-A164ADCBFB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5201:*:*:*:*:*:*",
"matchCriteriaId": "DE73451C-7289-4832-84A7-1A9D8CFE5EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5202:*:*:*:*:*:*",
"matchCriteriaId": "74AB64C4-625A-4369-8F16-3145B85A5DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5203:*:*:*:*:*:*",
"matchCriteriaId": "5C8E8A1A-AA00-48AC-BB5F-59DA174A4F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5204:*:*:*:*:*:*",
"matchCriteriaId": "797C805C-68D4-4B5A-8AD8-C2036692C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5205:*:*:*:*:*:*",
"matchCriteriaId": "50D245E8-5719-41B6-95C0-A2CACE88676D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5206:*:*:*:*:*:*",
"matchCriteriaId": "809A4666-41E7-48B8-A9FA-A24A71EC5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5207:*:*:*:*:*:*",
"matchCriteriaId": "6BEADFCD-8A32-4D59-908A-37E9E3A52E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5300:*:*:*:*:*:*",
"matchCriteriaId": "28409900-B268-437E-B474-1CDF7C654161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5301:*:*:*:*:*:*",
"matchCriteriaId": "E4A44B27-87F1-47F2-8596-663C63F4C1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5302:*:*:*:*:*:*",
"matchCriteriaId": "7ACD689D-709B-471F-9C86-66E22E91DBCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5303:*:*:*:*:*:*",
"matchCriteriaId": "749731D7-2431-4DBC-9E76-4BFB8F8C57C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5304:*:*:*:*:*:*",
"matchCriteriaId": "5B0B3278-EE00-40F5-8372-9AFA6F44B765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5305:*:*:*:*:*:*",
"matchCriteriaId": "916DEBE1-C3AB-415B-9463-1A4253F609C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5306:*:*:*:*:*:*",
"matchCriteriaId": "5CFBBCCD-7625-4C73-AFCA-924DFAC48BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5307:*:*:*:*:*:*",
"matchCriteriaId": "FA24BDA1-675D-45E2-A0F8-041CC6DF1D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5308:*:*:*:*:*:*",
"matchCriteriaId": "CE4EA03B-33D0-4057-A80C-4AF69D22FF38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5309:*:*:*:*:*:*",
"matchCriteriaId": "0BA96538-C2F8-42C2-AF49-55B7D216B17B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5310:*:*:*:*:*:*",
"matchCriteriaId": "D9227C12-AFD7-4481-8495-998F9AB4E668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5311:*:*:*:*:*:*",
"matchCriteriaId": "17755902-5421-45C1-8952-70771E8C79A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5312:*:*:*:*:*:*",
"matchCriteriaId": "CA16BF41-2F02-422A-A92F-40EA8BF7A75F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5313:*:*:*:*:*:*",
"matchCriteriaId": "54C11E83-F0BA-4C47-875E-7CFEC447728E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5314:*:*:*:*:*:*",
"matchCriteriaId": "DDF73A07-905D-4F26-848B-84C3A9F1630C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5315:*:*:*:*:*:*",
"matchCriteriaId": "5EE92704-67CE-4D3A-97D1-BEAB1CFFC70C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5316:*:*:*:*:*:*",
"matchCriteriaId": "ABFB14B0-F81C-4C7A-B1EF-EF8C4D779576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5317:*:*:*:*:*:*",
"matchCriteriaId": "219F3924-899B-4D14-90FF-E1F8B8A6B5F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5318:*:*:*:*:*:*",
"matchCriteriaId": "4C222551-E231-43E3-98BD-773FDB68D589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5319:*:*:*:*:*:*",
"matchCriteriaId": "DAD582DE-6811-4D78-899C-933D1D409EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5320:*:*:*:*:*:*",
"matchCriteriaId": "7D7BF363-19F5-4655-9A8C-AFF535AF0558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5321:*:*:*:*:*:*",
"matchCriteriaId": "962CABE0-C8AF-4C2F-81D7-12D232C390F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5322:*:*:*:*:*:*",
"matchCriteriaId": "613D8FD3-7086-4E59-A012-884A094BAD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5323:*:*:*:*:*:*",
"matchCriteriaId": "7D14A1B5-95A8-4F62-B06A-8BA4641CC35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5324:*:*:*:*:*:*",
"matchCriteriaId": "F3C27B95-B5AB-4BBD-9701-85560CC020CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5325:*:*:*:*:*:*",
"matchCriteriaId": "7B46B8A8-2C90-44C8-A5C9-186593D0A556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5326:*:*:*:*:*:*",
"matchCriteriaId": "2CA0E58E-2535-422A-AF35-3EF017792570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5327:*:*:*:*:*:*",
"matchCriteriaId": "8CC89F07-DD8C-4DD9-BE80-D9DA689A4D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5328:*:*:*:*:*:*",
"matchCriteriaId": "AD53F8D8-34A0-46F0-9AC9-EF088B4C9AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5329:*:*:*:*:*:*",
"matchCriteriaId": "A9B6BA8A-8709-4E8E-A42E-85B0E99818E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5330:*:*:*:*:*:*",
"matchCriteriaId": "B0F00049-CA99-4A6B-B347-78768BF19DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5400:*:*:*:*:*:*",
"matchCriteriaId": "30A10B00-E8DD-445D-AFC3-DC7DAF42724F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5500:*:*:*:*:*:*",
"matchCriteriaId": "CBEEB6C7-764D-4012-9656-FC76F43A53EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5501:*:*:*:*:*:*",
"matchCriteriaId": "86F5057B-4DFA-43A0-B604-9CACEEE926E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5502:*:*:*:*:*:*",
"matchCriteriaId": "5EF382C0-392B-4DA9-AFA2-3CD933615E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5503:*:*:*:*:*:*",
"matchCriteriaId": "78019D71-4598-4095-AAF4-13DCD93F842F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5504:*:*:*:*:*:*",
"matchCriteriaId": "3C6F69D0-1595-42E9-B812-63C133965E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5505:*:*:*:*:*:*",
"matchCriteriaId": "30D743E2-FE10-43BB-9514-4581F33F2C34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5506:*:*:*:*:*:*",
"matchCriteriaId": "D4639A68-BAA3-4669-B2F1-AD381A25464D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5507:*:*:*:*:*:*",
"matchCriteriaId": "DF69BD50-A3B7-4C9C-83ED-088EBB977F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5508:*:*:*:*:*:*",
"matchCriteriaId": "0313F401-85DC-4DF0-AEAD-A8D6885902CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5509:*:*:*:*:*:*",
"matchCriteriaId": "924F6A44-0E30-46A9-990E-DA44AA61C012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5510:*:*:*:*:*:*",
"matchCriteriaId": "C514F02D-DB00-4B05-A53C-A13310FE9E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5511:*:*:*:*:*:*",
"matchCriteriaId": "D013876C-9433-4576-84B5-464649CC8199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5512:*:*:*:*:*:*",
"matchCriteriaId": "8DFA286F-0C4E-4C56-8FFB-15481594FE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5513:*:*:*:*:*:*",
"matchCriteriaId": "D86056BB-3CF4-4C8A-B685-1E88E25429F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5514:*:*:*:*:*:*",
"matchCriteriaId": "BDE0C598-57A7-4EEF-A98C-44B871955BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5515:*:*:*:*:*:*",
"matchCriteriaId": "C6F752FD-8B2C-4636-B7DD-343D2DEDE7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5516:*:*:*:*:*:*",
"matchCriteriaId": "B435C1CA-2DD6-4DC7-B7B1-9B232EA5CFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5517:*:*:*:*:*:*",
"matchCriteriaId": "48A77EA0-C382-4A81-9EE3-48F7AC8AFEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5518:*:*:*:*:*:*",
"matchCriteriaId": "48907141-7B99-4D1A-955D-7E98B46E5A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5519:*:*:*:*:*:*",
"matchCriteriaId": "C894A206-F09A-4D6A-9675-618CD8FEFD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5520:*:*:*:*:*:*",
"matchCriteriaId": "52028275-3CFA-4AB0-8013-018FF88C11B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5521:*:*:*:*:*:*",
"matchCriteriaId": "2864B47E-79C8-4FE4-97E5-3C85C926CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5600:*:*:*:*:*:*",
"matchCriteriaId": "627B72C4-8311-414D-AA55-EC5F71794F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5601:*:*:*:*:*:*",
"matchCriteriaId": "74839837-94FC-4A6F-8DE2-358A7AD28D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5602:*:*:*:*:*:*",
"matchCriteriaId": "66B9BB15-FA78-4C05-8670-610DD790FF75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5603:*:*:*:*:*:*",
"matchCriteriaId": "166217A8-C306-4C79-A33F-D45032F2D1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5604:*:*:*:*:*:*",
"matchCriteriaId": "EFC0E47A-8807-441D-BEFA-1E9A71EDA7C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5605:*:*:*:*:*:*",
"matchCriteriaId": "06395B41-9538-42FF-8ADB-E750F5C5B2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5606:*:*:*:*:*:*",
"matchCriteriaId": "0DF7379A-F56E-4A2D-8099-2C0E72B8ACA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus, en versiones 5.7 anteriores a la build 5702, tiene Cross-Site Scripting (XSS) en la implementaci\u00f3n del dise\u00f1o de autoactualizaci\u00f3n."
}
],
"id": "CVE-2018-20484",
"lastModified": "2024-11-21T04:01:34.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-26T18:29:00.543",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-25 12:15
Modified
2024-11-21 06:00
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-28958/ | Third Party Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021 | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html#6102 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-28958/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html#6102 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.4 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "ADB66864-2B10-4693-89C5-F13AADCAF0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "36A2372E-DD10-455D-90C9-C8B5EBA52D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "212A1978-367C-417E-B887-6C957B76578C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522:*:*:*:*:*:*",
"matchCriteriaId": "1261129B-F0FD-4849-A8D9-9CBD99910FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531:*:*:*:*:*:*",
"matchCriteriaId": "087A729A-A175-4CE5-AF87-510E51125C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540:*:*:*:*:*:*",
"matchCriteriaId": "EFBB3F80-C322-4015-897D-12736CED3077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543:*:*:*:*:*:*",
"matchCriteriaId": "B3D55605-AD61-4D63-BCA9-CAD95020813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544:*:*:*:*:*:*",
"matchCriteriaId": "327F7E10-4704-46D9-A82A-8E799181D0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550:*:*:*:*:*:*",
"matchCriteriaId": "F515AB67-A302-4A95-BC99-F7F26BA67B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560:*:*:*:*:*:*",
"matchCriteriaId": "97E1E2BD-1AE1-4128-84B3-80A5F8D74A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570:*:*:*:*:*:*",
"matchCriteriaId": "C8D9FAD8-419D-4489-AAF7-96953CDB595B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571:*:*:*:*:*:*",
"matchCriteriaId": "04373F72-E36E-4EFD-8215-C6CF44464DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572:*:*:*:*:*:*",
"matchCriteriaId": "126040DD-08A6-45B4-8A41-E47DAF8716FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580:*:*:*:*:*:*",
"matchCriteriaId": "595F8E5F-068B-4526-A76F-D40EADC56135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590:*:*:*:*:*:*",
"matchCriteriaId": "C8608BDC-21B0-4C4C-9C1E-540FDCA13671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591:*:*:*:*:*:*",
"matchCriteriaId": "3AA24300-1217-4DFA-8247-CF1B83B47C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592:*:*:*:*:*:*",
"matchCriteriaId": "AE175D32-95D7-451F-88C0-492B4C827CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*",
"matchCriteriaId": "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*",
"matchCriteriaId": "DAD07524-564F-4559-9F6D-EB8961380A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*",
"matchCriteriaId": "76480E2A-FD99-4902-99D3-847136451618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*",
"matchCriteriaId": "D117C2AE-B396-46AD-9421-23750F9D6CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*",
"matchCriteriaId": "6B9F5FCF-BECA-424C-86C8-4769797AEB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*",
"matchCriteriaId": "6A014DF4-0353-4117-927B-C7950D92EEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*",
"matchCriteriaId": "EC6163AF-1A41-4372-8D9B-985BB338B9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*",
"matchCriteriaId": "2387D138-C8F5-4DC1-A51E-629F9D96F4ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*",
"matchCriteriaId": "0504B6B8-AFA0-418E-AA86-057F4FD01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*",
"matchCriteriaId": "78CA1BE6-6ACF-42B4-B603-9764A8B81555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*",
"matchCriteriaId": "69866794-C599-49F7-8071-789DA3308AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*",
"matchCriteriaId": "850DCAC9-D98E-40C1-A748-88E257F09388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48B406DA-32D5-4343-B859-FB463B01CFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4523A4D2-1E40-4A14-81D7-820A2C81C90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*",
"matchCriteriaId": "F4C03D7C-0EEC-4C66-8705-F69909483048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "9431C11F-E153-4298-8A1B-2CDF677A1428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*",
"matchCriteriaId": "557B4FD6-B1BD-47B4-87B8-7096B99695B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF829-DA42-4C87-AB14-B03BD0AFB177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*",
"matchCriteriaId": "C74D8FDF-04B3-4B03-9110-27683E2329FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*",
"matchCriteriaId": "5C376A34-DC80-4080-9B53-37D954B6F00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4613CD78-8A7D-4382-9975-1BE698E6C2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "9F32937B-9B1D-495F-812A-BEBAF3C67540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*",
"matchCriteriaId": "5683B22F-54D1-4C53-8378-3500ADB4AD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "08147E4E-6064-44D6-AF7C-1EB584A7CD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "E0B110D0-A1BF-486B-A5C4-5927877C1258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*",
"matchCriteriaId": "1C52392E-72C9-4F74-AECE-B20C0259E37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*",
"matchCriteriaId": "38A4BE4A-B607-483E-AE79-8FF17BEF60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*",
"matchCriteriaId": "3B2ABFA6-4506-42F8-B458-9EB83C8312DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*",
"matchCriteriaId": "B19B98B7-85D3-4D44-9853-1CD69586BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5116:*:*:*:*:*:*",
"matchCriteriaId": "8A012C70-3CD6-46C7-AEE7-9D5763C5AC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*",
"matchCriteriaId": "2EFDF89F-54BE-4D72-B95D-12127D8B35A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*",
"matchCriteriaId": "E4DD32D9-A0CA-4434-A8CF-121942FDF152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*",
"matchCriteriaId": "F86FFDB3-B19E-438E-8E5C-6D4994A29B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*",
"matchCriteriaId": "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*",
"matchCriteriaId": "4921142A-2D9F-40BE-9640-44037667FB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*",
"matchCriteriaId": "0909BEDE-D384-4719-87C7-4748E70669D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*",
"matchCriteriaId": "43969BCD-92A9-4181-9BE7-9A370FF0EA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*",
"matchCriteriaId": "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*",
"matchCriteriaId": "190837F9-E545-4576-8660-76837BFBA127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*",
"matchCriteriaId": "6C379810-C027-4443-BA2F-C72A0AFE9074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*",
"matchCriteriaId": "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*",
"matchCriteriaId": "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*",
"matchCriteriaId": "6191E179-7D42-4D9A-AF78-B87DBC198B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*",
"matchCriteriaId": "01FC1A37-2AB7-4212-A93A-58021592FF67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*",
"matchCriteriaId": "96287289-2736-4197-B325-9D58EFDD6A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*",
"matchCriteriaId": "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*",
"matchCriteriaId": "E2437FCD-F77F-4103-914C-20C54C3E088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*",
"matchCriteriaId": "45F52278-27B0-431E-8FF0-E3A5F68D513D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*",
"matchCriteriaId": "E231C429-0C6D-4DA6-8D89-DB888493F741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*",
"matchCriteriaId": "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*",
"matchCriteriaId": "999D1D05-D8D7-445E-AAF7-B14769001928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*",
"matchCriteriaId": "CC29D099-13A7-48F5-8A8A-6A564B972D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*",
"matchCriteriaId": "AFAACD50-F964-48EB-8C71-856501FA5BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*",
"matchCriteriaId": "E52DD6D8-DCB5-470E-9F77-653552A5436B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*",
"matchCriteriaId": "1E41D887-5E33-4D94-9C9C-7385D7D777E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*",
"matchCriteriaId": "352966E5-E938-4FA4-A41B-2D95C0E233ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*",
"matchCriteriaId": "2C234A10-9D5A-4C47-92F1-82DA80F5B310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*",
"matchCriteriaId": "8E1516F7-D152-4D9C-92D3-4BD68D77475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*",
"matchCriteriaId": "BDDFB075-FA1B-47B9-B2EC-80228C20F042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*",
"matchCriteriaId": "9A55F076-4CED-4BFC-B87D-A2AE950F78CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*",
"matchCriteriaId": "50ACF821-D09A-40B9-95A6-BC8DED3460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*",
"matchCriteriaId": "E0949C30-651A-4646-B215-38AE86F719F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*",
"matchCriteriaId": "2DA8E108-49A7-4281-A938-ED1C1E4890B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*",
"matchCriteriaId": "3B631D21-372B-4B68-B467-F1A5616C5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*",
"matchCriteriaId": "26BC3F05-FC81-45E4-9D23-864C9B9FF47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*",
"matchCriteriaId": "1BBF87A7-2A53-418D-BB27-D55B10564894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*",
"matchCriteriaId": "9343B338-953B-4E7D-9CD2-00781FFE3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*",
"matchCriteriaId": "9966E015-590E-4CAD-AEE9-F06E1B34A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*",
"matchCriteriaId": "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*",
"matchCriteriaId": "04BB508C-91EA-43A3-B4AC-A7591801F387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "7C6C9325-7A0B-4CFF-BBFB-39C1C6F7B0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "2B71FA9F-0FC4-4D12-B595-AC529878BC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "0979E79B-936C-4787-8E0A-9F7F43A8A748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "673E69A8-71BA-49EC-B1AE-931736C6BF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "141FB02E-695F-484E-8FF6-C334C11F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*",
"matchCriteriaId": "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*",
"matchCriteriaId": "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*",
"matchCriteriaId": "942DC320-20A3-4CBF-BF94-390A9163FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*",
"matchCriteriaId": "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*",
"matchCriteriaId": "600E4C41-B1E1-468D-BA1A-489D0CE5F565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*",
"matchCriteriaId": "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*",
"matchCriteriaId": "E41D8FA9-5D9D-4102-B117-40354F847403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*",
"matchCriteriaId": "8E620B19-0286-4723-91C4-848B6C453509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*",
"matchCriteriaId": "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*",
"matchCriteriaId": "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*",
"matchCriteriaId": "E7A0FC78-73CE-48CE-BD68-74C095F5B052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*",
"matchCriteriaId": "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*",
"matchCriteriaId": "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*",
"matchCriteriaId": "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*",
"matchCriteriaId": "BF029B3F-93BE-44D3-B8E8-65F18A4F6632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*",
"matchCriteriaId": "C054330B-8344-437B-893F-AD844BCA3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*",
"matchCriteriaId": "CA7A820D-17C3-4F20-B4C4-9068F9594786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*",
"matchCriteriaId": "DEA0897C-62CE-401A-B940-4CA47A0BDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*",
"matchCriteriaId": "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*",
"matchCriteriaId": "269B1711-8110-4177-8CF2-AD9F1D9E20AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*",
"matchCriteriaId": "39DFD696-3A7F-4003-9F87-458891B787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*",
"matchCriteriaId": "C15E39AA-79CE-48A7-9629-AC75EC444B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*",
"matchCriteriaId": "2592E246-7208-4CC5-8004-D2AEAB45380C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*",
"matchCriteriaId": "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*",
"matchCriteriaId": "41EB109A-9CF3-498C-93B2-07A31D3CB09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*",
"matchCriteriaId": "FE8675BC-B0AA-4067-B079-FCAE97519B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "59408AE1-F8C3-48A7-BF31-ABB4173E42D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "82FD8A24-2D01-4D2A-ADDE-51EBCC189332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "3CDD178D-9CE8-4FC9-8388-BB89DC949924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "4F3F2942-54CE-41A9-909B-8D5CE515A7FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "996B4FAB-C1FA-42D9-BAB2-EC4CD2394D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*",
"matchCriteriaId": "20D1E7EE-8977-4010-AF5D-843A44853363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "09718DA2-31D3-4CC3-B95D-6A8BE6233700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*",
"matchCriteriaId": "A217F6ED-BC7F-46B7-9D43-D75A3D416322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*",
"matchCriteriaId": "562397B8-DF54-4585-81B4-3F89816CC8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*",
"matchCriteriaId": "319E6B84-4D6C-45D2-BF5A-8461202C4463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*",
"matchCriteriaId": "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*",
"matchCriteriaId": "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*",
"matchCriteriaId": "94E70435-5332-48F3-9602-FCA1EFB617BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*",
"matchCriteriaId": "AC040DA3-91BB-41CD-ADE3-D2AA0537516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*",
"matchCriteriaId": "8E71EE09-F2D6-4981-A962-14DAC49A9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*",
"matchCriteriaId": "4709685D-CCF0-4444-99B8-4DC6E3D53A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*",
"matchCriteriaId": "13599F95-25B2-4C21-8174-DA966A49249B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*",
"matchCriteriaId": "D2CB6693-492A-4607-9D9C-15C746E12864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*",
"matchCriteriaId": "35238419-A73A-4333-9F3D-481FAA1D167C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*",
"matchCriteriaId": "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*",
"matchCriteriaId": "4E0B4F11-A1E8-4D21-9707-8639A3040840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*",
"matchCriteriaId": "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*",
"matchCriteriaId": "7F229F49-EA44-4D0A-855B-FC586CE8CFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*",
"matchCriteriaId": "07AED2F0-F527-4B4A-82FC-F571899F3738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "86396EFE-E4E1-42DB-A206-9D44B977DB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "1ECD4B6F-D157-4AA6-A288-AF85ECFE3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "89042E18-91F4-4EB7-9276-251A94529D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "0215A848-4170-42E0-9711-E9922CE82CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "4E738DAF-2E66-4D0F-9A8E-B988A51E17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6004:*:*:*:*:*:*",
"matchCriteriaId": "A5D87211-8D8F-420A-AAAC-296FCD214CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6005:*:*:*:*:*:*",
"matchCriteriaId": "D8C120A3-C62A-4F39-BB9C-546C7AC57D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6006:*:*:*:*:*:*",
"matchCriteriaId": "301FC0FF-8064-470E-BFAA-CC54078D1044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6007:*:*:*:*:*:*",
"matchCriteriaId": "AAAF70B7-53FA-41EF-8558-EAC27EF35AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6008:*:*:*:*:*:*",
"matchCriteriaId": "821E2F3D-5B0C-4985-9934-F80E163EC1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6009:*:*:*:*:*:*",
"matchCriteriaId": "0FFD43E2-8C28-4423-8660-8C9FC996C339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6012:*:*:*:*:*:*",
"matchCriteriaId": "E9497B19-1845-44C5-8868-332DDE6DD1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6013:*:*:*:*:*:*",
"matchCriteriaId": "C5A5D3A5-E2C6-43A3-9142-F5FE23BCB3E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones hasta 6101, es vulnerable a una Ejecuci\u00f3n de C\u00f3digo Remota no autenticada mientras se cambia la contrase\u00f1a"
}
],
"id": "CVE-2021-28958",
"lastModified": "2024-11-21T06:00:26.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-25T12:15:08.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-28958/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#6102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-28958/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#6102"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-03 19:29
Modified
2025-05-30 16:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-3905 | ||
| cve@mitre.org | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/ | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html#5703 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html#5703 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.4 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*",
"matchCriteriaId": "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*",
"matchCriteriaId": "DAD07524-564F-4559-9F6D-EB8961380A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*",
"matchCriteriaId": "76480E2A-FD99-4902-99D3-847136451618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*",
"matchCriteriaId": "D117C2AE-B396-46AD-9421-23750F9D6CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*",
"matchCriteriaId": "6B9F5FCF-BECA-424C-86C8-4769797AEB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*",
"matchCriteriaId": "6A014DF4-0353-4117-927B-C7950D92EEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*",
"matchCriteriaId": "EC6163AF-1A41-4372-8D9B-985BB338B9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*",
"matchCriteriaId": "2387D138-C8F5-4DC1-A51E-629F9D96F4ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*",
"matchCriteriaId": "0504B6B8-AFA0-418E-AA86-057F4FD01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*",
"matchCriteriaId": "78CA1BE6-6ACF-42B4-B603-9764A8B81555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*",
"matchCriteriaId": "69866794-C599-49F7-8071-789DA3308AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*",
"matchCriteriaId": "850DCAC9-D98E-40C1-A748-88E257F09388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4523A4D2-1E40-4A14-81D7-820A2C81C90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*",
"matchCriteriaId": "F4C03D7C-0EEC-4C66-8705-F69909483048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "9431C11F-E153-4298-8A1B-2CDF677A1428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*",
"matchCriteriaId": "557B4FD6-B1BD-47B4-87B8-7096B99695B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF829-DA42-4C87-AB14-B03BD0AFB177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*",
"matchCriteriaId": "C74D8FDF-04B3-4B03-9110-27683E2329FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*",
"matchCriteriaId": "5C376A34-DC80-4080-9B53-37D954B6F00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4613CD78-8A7D-4382-9975-1BE698E6C2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "9F32937B-9B1D-495F-812A-BEBAF3C67540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*",
"matchCriteriaId": "5683B22F-54D1-4C53-8378-3500ADB4AD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "08147E4E-6064-44D6-AF7C-1EB584A7CD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "E0B110D0-A1BF-486B-A5C4-5927877C1258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*",
"matchCriteriaId": "1C52392E-72C9-4F74-AECE-B20C0259E37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*",
"matchCriteriaId": "38A4BE4A-B607-483E-AE79-8FF17BEF60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*",
"matchCriteriaId": "3B2ABFA6-4506-42F8-B458-9EB83C8312DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*",
"matchCriteriaId": "B19B98B7-85D3-4D44-9853-1CD69586BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*",
"matchCriteriaId": "2EFDF89F-54BE-4D72-B95D-12127D8B35A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*",
"matchCriteriaId": "E4DD32D9-A0CA-4434-A8CF-121942FDF152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*",
"matchCriteriaId": "F86FFDB3-B19E-438E-8E5C-6D4994A29B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*",
"matchCriteriaId": "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*",
"matchCriteriaId": "4921142A-2D9F-40BE-9640-44037667FB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*",
"matchCriteriaId": "0909BEDE-D384-4719-87C7-4748E70669D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*",
"matchCriteriaId": "43969BCD-92A9-4181-9BE7-9A370FF0EA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*",
"matchCriteriaId": "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*",
"matchCriteriaId": "190837F9-E545-4576-8660-76837BFBA127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*",
"matchCriteriaId": "6C379810-C027-4443-BA2F-C72A0AFE9074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*",
"matchCriteriaId": "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*",
"matchCriteriaId": "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*",
"matchCriteriaId": "6191E179-7D42-4D9A-AF78-B87DBC198B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*",
"matchCriteriaId": "01FC1A37-2AB7-4212-A93A-58021592FF67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*",
"matchCriteriaId": "96287289-2736-4197-B325-9D58EFDD6A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*",
"matchCriteriaId": "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*",
"matchCriteriaId": "E2437FCD-F77F-4103-914C-20C54C3E088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*",
"matchCriteriaId": "45F52278-27B0-431E-8FF0-E3A5F68D513D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*",
"matchCriteriaId": "E231C429-0C6D-4DA6-8D89-DB888493F741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*",
"matchCriteriaId": "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*",
"matchCriteriaId": "999D1D05-D8D7-445E-AAF7-B14769001928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*",
"matchCriteriaId": "CC29D099-13A7-48F5-8A8A-6A564B972D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*",
"matchCriteriaId": "AFAACD50-F964-48EB-8C71-856501FA5BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*",
"matchCriteriaId": "E52DD6D8-DCB5-470E-9F77-653552A5436B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*",
"matchCriteriaId": "1E41D887-5E33-4D94-9C9C-7385D7D777E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*",
"matchCriteriaId": "352966E5-E938-4FA4-A41B-2D95C0E233ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*",
"matchCriteriaId": "2C234A10-9D5A-4C47-92F1-82DA80F5B310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*",
"matchCriteriaId": "8E1516F7-D152-4D9C-92D3-4BD68D77475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*",
"matchCriteriaId": "BDDFB075-FA1B-47B9-B2EC-80228C20F042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*",
"matchCriteriaId": "9A55F076-4CED-4BFC-B87D-A2AE950F78CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*",
"matchCriteriaId": "50ACF821-D09A-40B9-95A6-BC8DED3460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*",
"matchCriteriaId": "E0949C30-651A-4646-B215-38AE86F719F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*",
"matchCriteriaId": "2DA8E108-49A7-4281-A938-ED1C1E4890B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*",
"matchCriteriaId": "3B631D21-372B-4B68-B467-F1A5616C5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*",
"matchCriteriaId": "26BC3F05-FC81-45E4-9D23-864C9B9FF47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*",
"matchCriteriaId": "1BBF87A7-2A53-418D-BB27-D55B10564894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*",
"matchCriteriaId": "9343B338-953B-4E7D-9CD2-00781FFE3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*",
"matchCriteriaId": "9966E015-590E-4CAD-AEE9-F06E1B34A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*",
"matchCriteriaId": "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*",
"matchCriteriaId": "04BB508C-91EA-43A3-B4AC-A7591801F387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "2B71FA9F-0FC4-4D12-B595-AC529878BC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "0979E79B-936C-4787-8E0A-9F7F43A8A748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "673E69A8-71BA-49EC-B1AE-931736C6BF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "141FB02E-695F-484E-8FF6-C334C11F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*",
"matchCriteriaId": "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*",
"matchCriteriaId": "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*",
"matchCriteriaId": "942DC320-20A3-4CBF-BF94-390A9163FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*",
"matchCriteriaId": "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*",
"matchCriteriaId": "600E4C41-B1E1-468D-BA1A-489D0CE5F565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*",
"matchCriteriaId": "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*",
"matchCriteriaId": "E41D8FA9-5D9D-4102-B117-40354F847403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*",
"matchCriteriaId": "8E620B19-0286-4723-91C4-848B6C453509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*",
"matchCriteriaId": "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*",
"matchCriteriaId": "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*",
"matchCriteriaId": "E7A0FC78-73CE-48CE-BD68-74C095F5B052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*",
"matchCriteriaId": "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*",
"matchCriteriaId": "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*",
"matchCriteriaId": "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*",
"matchCriteriaId": "BF029B3F-93BE-44D3-B8E8-65F18A4F6632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*",
"matchCriteriaId": "C054330B-8344-437B-893F-AD844BCA3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*",
"matchCriteriaId": "CA7A820D-17C3-4F20-B4C4-9068F9594786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*",
"matchCriteriaId": "DEA0897C-62CE-401A-B940-4CA47A0BDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*",
"matchCriteriaId": "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*",
"matchCriteriaId": "269B1711-8110-4177-8CF2-AD9F1D9E20AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*",
"matchCriteriaId": "39DFD696-3A7F-4003-9F87-458891B787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*",
"matchCriteriaId": "C15E39AA-79CE-48A7-9629-AC75EC444B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*",
"matchCriteriaId": "2592E246-7208-4CC5-8004-D2AEAB45380C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*",
"matchCriteriaId": "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*",
"matchCriteriaId": "41EB109A-9CF3-498C-93B2-07A31D3CB09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus, en sus versiones 5.x antes del build 5703, tiene Server-Side Request Forgery (SSRF)."
}
],
"id": "CVE-2019-3905",
"lastModified": "2025-05-30T16:15:23.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-03T19:29:01.757",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-3905"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5703"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-18 18:15
Modified
2025-03-07 21:04
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis | Exploit, Third Party Advisory | |
| cve@mitre.org | https://blog.viettelcybersecurity.com/saml-show-stopper/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6 | Release Notes | |
| cve@mitre.org | https://github.com/horizon3ai/CVE-2022-47966 | Third Party Advisory | |
| cve@mitre.org | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.viettelcybersecurity.com/saml-show-stopper/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/horizon3ai/CVE-2022-47966 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_access_manager_plus | * | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_ad360 | * | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_adaudit_plus | * | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_analytics_plus | * | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_assetexplorer | * | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_key_manager_plus | * | |
| zohocorp | manageengine_key_manager_plus | 6.4 | |
| zohocorp | manageengine_pam360 | * | |
| zohocorp | manageengine_pam360 | 5.7 | |
| zohocorp | manageengine_pam360 | 5.7 | |
| zohocorp | manageengine_pam360 | 5.7 | |
| zohocorp | manageengine_pam360 | 5.7 | |
| zohocorp | manageengine_password_manager_pro | * | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_servicedesk_plus | * | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus_msp | * | |
| zohocorp | manageengine_servicedesk_plus_msp | 13.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_application_control_plus | * | |
| zohocorp | manageengine_browser_security_plus | * | |
| zohocorp | manageengine_device_control_plus | * | |
| zohocorp | manageengine_endpoint_dlp_plus | * | |
| zohocorp | manageengine_os_deployer | * | |
| zohocorp | manageengine_patch_manager_plus | * | |
| zohocorp | manageengine_remote_access_plus | * | |
| zohocorp | manageengine_remote_monitoring_and_management_central | * | |
| zohocorp | manageengine_vulnerability_manager_plus | * |
{
"cisaActionDue": "2023-02-13",
"cisaExploitAdd": "2023-01-23",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDF15FF-2561-4139-AC5E-4812584B1B03",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*",
"matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*",
"matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*",
"matchCriteriaId": "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*",
"matchCriteriaId": "59675CC4-8A5C-4668-908C-0886B4B310DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*",
"matchCriteriaId": "45084336-F1DC-4E5B-A45E-506A779985D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*",
"matchCriteriaId": "1B2CC071-5BB3-4A25-88F2-DBC56B94D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*",
"matchCriteriaId": "E6FDF373-4711-4B72-A14E-CEB19301C40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*",
"matchCriteriaId": "0E0F346C-0445-4D38-8583-3379962B540F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1179FC2E-0FCC-4744-85A7-1D68AE742FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "F05F8E9D-1880-4B94-922E-BA61FA112945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "F336B0C2-1F99-4BC7-828B-02E432CB0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "46A96B82-49E1-4392-BDCF-CC9753D67A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "837BF464-6D18-4267-8913-D7937C91789B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "0243CA85-B856-4ED9-BCD0-5EAB182862CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "FB216CD0-B3BD-434D-8FC6-BB60408C128A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFA4EA7A-B1C1-4750-A11D-89054B77B320",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "16BADE82-3652-4074-BDFF-828B7213CAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*",
"matchCriteriaId": "01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*",
"matchCriteriaId": "CFA4FC59-CC4F-4F21-9AE9-3F526C91411C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*",
"matchCriteriaId": "26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*",
"matchCriteriaId": "97EA9324-9377-46E1-A0EA-637128E65DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*",
"matchCriteriaId": "EA5BE36E-A73A-4D1C-8185-9692373F1444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*",
"matchCriteriaId": "10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*",
"matchCriteriaId": "F505C783-09DE-4045-9DB4-DD850B449A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "212BF664-02DE-457F-91A6-6F824ECC963B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "D102B74F-6762-4EFE-BAF7-A7D416867D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7055:*:*:*:*:*:*",
"matchCriteriaId": "5B2F6EE4-F3DC-43CE-B7FD-C9522A35406A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7060:*:*:*:*:*:*",
"matchCriteriaId": "623151CB-4C6B-4068-B173-FE8E73D652F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7062:*:*:*:*:*:*",
"matchCriteriaId": "1D84377E-CB44-4C6A-A665-763A1CD1AF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7063:*:*:*:*:*:*",
"matchCriteriaId": "603D1875-BD5E-4C6C-9D2C-3CAA9D7B3AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7065:*:*:*:*:*:*",
"matchCriteriaId": "4C568190-1C1B-44FA-B50A-C142A0B8224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7080:*:*:*:*:*:*",
"matchCriteriaId": "F876B2E2-C2FF-47BE-9F53-5F86606A08CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
"matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
"matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
"matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
"matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
"matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*",
"matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*",
"matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC9667B-3ECE-4DF8-9C45-95E53736CD68",
"versionEndExcluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*",
"matchCriteriaId": "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*",
"matchCriteriaId": "B1E4E7ED-317B-471D-B387-24BFE504FD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*",
"matchCriteriaId": "1518C214-71A7-4C97-BA40-95D98E0C78BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*",
"matchCriteriaId": "247ED04D-E067-4A18-8514-9CD635DF4F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*",
"matchCriteriaId": "8AC2C862-7709-44BF-9D0C-1BD63B381001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*",
"matchCriteriaId": "1E936706-E1D6-496A-8395-96706AF32F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*",
"matchCriteriaId": "CA25E9BB-DDB9-438C-890A-61264C10BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*",
"matchCriteriaId": "D71FF123-F797-4E0D-8167-DD4563733879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*",
"matchCriteriaId": "1156F671-D6BD-4FA2-924F-1802F157A025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*",
"matchCriteriaId": "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*",
"matchCriteriaId": "E870D833-28A7-45E1-9A6B-26A33D66B507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2026DE5E-EDDA-4134-A63E-1F01A9ED209F",
"versionEndExcluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "DBEE7368-580D-422E-80DE-079462579BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "92C88B5F-3689-4314-B23E-D9051808C1D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5120:*:*:*:*:*:*",
"matchCriteriaId": "839EB997-896A-4CD9-BADF-1C2DC2B498F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5121:*:*:*:*:*:*",
"matchCriteriaId": "7A4DF40E-2941-4A38-9297-42502D7EE0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5130:*:*:*:*:*:*",
"matchCriteriaId": "DD056927-1BC0-42A0-8E26-7FC0F4BE58AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5140:*:*:*:*:*:*",
"matchCriteriaId": "99F6F9CC-5A94-4A74-8D36-BE198424C955",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1E5798-5079-4292-9C11-2F334F8AC825",
"versionEndExcluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.4:6400:*:*:*:*:*:*",
"matchCriteriaId": "37D11E5C-C569-4D9F-BFF8-315F6D458D68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1478BFC3-A0B2-415B-BA1C-AA09D9451C93",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700:*:*:*:*:*:*",
"matchCriteriaId": "1E270FB5-C447-4C93-9947-2CE50850A46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710:*:*:*:*:*:*",
"matchCriteriaId": "496AFB26-1E11-4632-8C10-CD80F601FCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5711:*:*:*:*:*:*",
"matchCriteriaId": "B2CE86DA-B688-4E9E-AF16-1974858D18BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5712:*:*:*:*:*:*",
"matchCriteriaId": "4BFA2F57-4506-4B3D-86E8-BE9BEC1134B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76C7DC97-8BF1-421F-9272-FD301D2D7A3F",
"versionEndExcluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:*:*:*:*:*:*",
"matchCriteriaId": "9BE65B96-74ED-48F1-B86D-CB3387D989CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101:*:*:*:*:*:*",
"matchCriteriaId": "B4127640-1F60-4687-A24A-22B05A125290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110:*:*:*:*:*:*",
"matchCriteriaId": "E42928FB-E0E7-4951-B9B1-CEF60560A945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120:*:*:*:*:*:*",
"matchCriteriaId": "43C059E6-E1CA-4792-B383-93062CD82D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121:*:*:*:*:*:*",
"matchCriteriaId": "8D21A9EB-51BC-4EEA-BAA4-8C2096A9DDD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12122:*:*:*:*:*:*",
"matchCriteriaId": "6C34175B-0978-4207-BFC0-F38FDFF9B3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12123:*:*:*:*:*:*",
"matchCriteriaId": "6CAB911E-5CE6-47BA-9909-C42BDFEE0F5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "23A6549A-A30E-4693-9BAB-2685DB8C40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*",
"matchCriteriaId": "71CED256-A0EF-4933-AE18-421E37D5DB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*",
"matchCriteriaId": "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*",
"matchCriteriaId": "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969E1FCF-76A0-40BC-A38F-56FCB713419F",
"versionEndExcluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*",
"matchCriteriaId": "298E6401-A9A9-43B6-901F-327944E0AF94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*",
"matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*",
"matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*",
"matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*",
"matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*",
"matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*",
"matchCriteriaId": "4EA25296-8163-4C98-A8CD-35834240308E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*",
"matchCriteriaId": "33D51403-A976-4EA3-AA23-C699E03239E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*",
"matchCriteriaId": "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F5E8E6-B1AA-4454-86D3-648B67CA915E",
"versionEndExcluding": "10.1.220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98FAA4DE-2C24-4ED4-9F2C-84CEA3200E31",
"versionEndExcluding": "11.1.2238.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8239C2A0-BA6D-4B5C-B02F-617178685D52",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA4E3A8-CAB3-461E-8A99-F7D115B17E71",
"versionEndExcluding": "10.1.2137.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53EC71FA-E248-4DA5-BA76-746631AC435E",
"versionEndExcluding": "1.1.2243.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5784980D-CEBB-4982-BD1F-FD8F5F2A039C",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9F459-2C86-4646-B87C-A55381E0939F",
"versionEndExcluding": "10.1.2228.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management_central:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D851B9A-EE8F-4634-A26D-BCC44B5CF02A",
"versionEndExcluding": "10.1.41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "450E672F-FA36-4770-87B6-CC8DA66D2222",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active)."
},
{
"lang": "es",
"value": "M\u00faltiples productos locales de Zoho ManageEngine, como ServiceDesk Plus hasta 14003, permiten la ejecuci\u00f3n remota de c\u00f3digo debido al uso de Apache Santuario xmlsec (tambi\u00e9n conocido como XML Security para Java) 1.4.1, porque las funciones xmlsec XSLT, por dise\u00f1o en esa versi\u00f3n, hacen la aplicaci\u00f3n responsable de ciertas protecciones de seguridad, y las aplicaciones ManageEngine no proporcionaban esas protecciones. Esto afecta a Access Manager Plus anterior a 4308, Active Directory 360 anterior a 4310, ADAudit Plus anterior a 7081, ADManager Plus anterior a 7162, ADSelfService Plus anterior a 6211, Analytics Plus anterior a 5150, Application Control Plus anterior a 10.1.2220.18, Asset Explorer anterior a 6983, Browser Security Plus antes de 11.1.2238.6, Device Control Plus antes de 10.1.2220.18, Endpoint Central antes de 10.1.2228.11, Endpoint Central MSP antes de 10.1.2228.11, Endpoint DLP antes de 10.1.2137.6, Key Manager Plus antes de 6401, OS Deployer antes de 1.1.2243.1, PAM 360 antes de 5713, Password Manager Pro antes de 12124, Patch Manager Plus antes de 10.1.2220.18, Remote Access Plus antes de 10.1.2228.11, Remote Monitoring and Management (RMM) antes de 10.1.41. ServiceDesk Plus anterior a 14004, ServiceDesk Plus MSP anterior a 13001, SupportCenter Plus anterior a 11026 y Vulnerability Manager Plus anterior a 10.1.2220.18. La explotaci\u00f3n solo es posible si alguna vez se ha configurado SAML SSO para un producto (para algunos productos, la explotaci\u00f3n requiere que SAML SSO est\u00e9 actualmente activo).\n"
}
],
"id": "CVE-2022-47966",
"lastModified": "2025-03-07T21:04:52.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-18T18:15:10.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-25 03:29
Modified
2024-11-21 04:21
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html#5708 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html#5708 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:4500:*:*:*:*:*:*",
"matchCriteriaId": "796A4512-DC6E-42A1-9A57-D4F446A9BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5032:*:*:*:*:*:*",
"matchCriteriaId": "4C202C90-B792-4E0C-B7A9-C06FDB7C30DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5040:*:*:*:*:*:*",
"matchCriteriaId": "42F19FC5-6C75-458A-9B90-376D0D1B0C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5041:*:*:*:*:*:*",
"matchCriteriaId": "6DC23258-D431-40C0-9853-E08D36A225FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5100:*:*:*:*:*:*",
"matchCriteriaId": "D8AF9E70-E4F7-4BB1-9D49-33633AB9CE82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5101:*:*:*:*:*:*",
"matchCriteriaId": "D1174A0E-EFA2-4FAA-B42A-A0D4FAAD592D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5102:*:*:*:*:*:*",
"matchCriteriaId": "A99912DA-82E6-4FD6-8916-635637941335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5103:*:*:*:*:*:*",
"matchCriteriaId": "FC5FA48C-6B99-4B80-9256-694BD4174557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5104:*:*:*:*:*:*",
"matchCriteriaId": "6D860882-A106-4771-87DF-9ADE482F41DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5105:*:*:*:*:*:*",
"matchCriteriaId": "0DD127BF-200A-45F5-9357-5024C76E7B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5106:*:*:*:*:*:*",
"matchCriteriaId": "8D2143C4-D4A0-4AE5-86D2-D3DEFD27C9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5107:*:*:*:*:*:*",
"matchCriteriaId": "1745145D-493D-4181-B011-46490BBF5A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5108:*:*:*:*:*:*",
"matchCriteriaId": "8A9605CA-8368-47D1-964A-684E099212D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5109:*:*:*:*:*:*",
"matchCriteriaId": "109303F0-F6C6-4BC7-9011-BAAD6B1D043E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5110:*:*:*:*:*:*",
"matchCriteriaId": "39BC2BEF-89B7-48F0-BAFC-26B1DE0E7EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5111:*:*:*:*:*:*",
"matchCriteriaId": "BA12CCBE-5C43-4FF8-A9A5-63B91AA14C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5112:*:*:*:*:*:*",
"matchCriteriaId": "270B44CA-F153-4EF8-8E0B-276E80C8ADB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5113:*:*:*:*:*:*",
"matchCriteriaId": "6EC9A6C6-3D3E-411F-89EF-CAFCF66D8222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5114:*:*:*:*:*:*",
"matchCriteriaId": "CD55F212-950A-4421-9C73-80287647719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5115:*:*:*:*:*:*",
"matchCriteriaId": "61E19A98-DF1A-44B0-AB69-6822F9110FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5116:*:*:*:*:*:*",
"matchCriteriaId": "7AA56B14-E4B5-4373-81F3-ECFD30DC897B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5200:*:*:*:*:*:*",
"matchCriteriaId": "77F2C9F3-67ED-4337-9EC8-A164ADCBFB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5201:*:*:*:*:*:*",
"matchCriteriaId": "DE73451C-7289-4832-84A7-1A9D8CFE5EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5202:*:*:*:*:*:*",
"matchCriteriaId": "74AB64C4-625A-4369-8F16-3145B85A5DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5203:*:*:*:*:*:*",
"matchCriteriaId": "5C8E8A1A-AA00-48AC-BB5F-59DA174A4F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5204:*:*:*:*:*:*",
"matchCriteriaId": "797C805C-68D4-4B5A-8AD8-C2036692C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5205:*:*:*:*:*:*",
"matchCriteriaId": "50D245E8-5719-41B6-95C0-A2CACE88676D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5206:*:*:*:*:*:*",
"matchCriteriaId": "809A4666-41E7-48B8-A9FA-A24A71EC5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5207:*:*:*:*:*:*",
"matchCriteriaId": "6BEADFCD-8A32-4D59-908A-37E9E3A52E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5300:*:*:*:*:*:*",
"matchCriteriaId": "28409900-B268-437E-B474-1CDF7C654161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5301:*:*:*:*:*:*",
"matchCriteriaId": "E4A44B27-87F1-47F2-8596-663C63F4C1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5302:*:*:*:*:*:*",
"matchCriteriaId": "7ACD689D-709B-471F-9C86-66E22E91DBCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5303:*:*:*:*:*:*",
"matchCriteriaId": "749731D7-2431-4DBC-9E76-4BFB8F8C57C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5304:*:*:*:*:*:*",
"matchCriteriaId": "5B0B3278-EE00-40F5-8372-9AFA6F44B765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5305:*:*:*:*:*:*",
"matchCriteriaId": "916DEBE1-C3AB-415B-9463-1A4253F609C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5306:*:*:*:*:*:*",
"matchCriteriaId": "5CFBBCCD-7625-4C73-AFCA-924DFAC48BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5307:*:*:*:*:*:*",
"matchCriteriaId": "FA24BDA1-675D-45E2-A0F8-041CC6DF1D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5308:*:*:*:*:*:*",
"matchCriteriaId": "CE4EA03B-33D0-4057-A80C-4AF69D22FF38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5309:*:*:*:*:*:*",
"matchCriteriaId": "0BA96538-C2F8-42C2-AF49-55B7D216B17B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5310:*:*:*:*:*:*",
"matchCriteriaId": "D9227C12-AFD7-4481-8495-998F9AB4E668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5311:*:*:*:*:*:*",
"matchCriteriaId": "17755902-5421-45C1-8952-70771E8C79A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5312:*:*:*:*:*:*",
"matchCriteriaId": "CA16BF41-2F02-422A-A92F-40EA8BF7A75F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5313:*:*:*:*:*:*",
"matchCriteriaId": "54C11E83-F0BA-4C47-875E-7CFEC447728E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5314:*:*:*:*:*:*",
"matchCriteriaId": "DDF73A07-905D-4F26-848B-84C3A9F1630C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5315:*:*:*:*:*:*",
"matchCriteriaId": "5EE92704-67CE-4D3A-97D1-BEAB1CFFC70C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5316:*:*:*:*:*:*",
"matchCriteriaId": "ABFB14B0-F81C-4C7A-B1EF-EF8C4D779576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5317:*:*:*:*:*:*",
"matchCriteriaId": "219F3924-899B-4D14-90FF-E1F8B8A6B5F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5318:*:*:*:*:*:*",
"matchCriteriaId": "4C222551-E231-43E3-98BD-773FDB68D589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5319:*:*:*:*:*:*",
"matchCriteriaId": "DAD582DE-6811-4D78-899C-933D1D409EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5320:*:*:*:*:*:*",
"matchCriteriaId": "7D7BF363-19F5-4655-9A8C-AFF535AF0558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5321:*:*:*:*:*:*",
"matchCriteriaId": "962CABE0-C8AF-4C2F-81D7-12D232C390F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5322:*:*:*:*:*:*",
"matchCriteriaId": "613D8FD3-7086-4E59-A012-884A094BAD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5323:*:*:*:*:*:*",
"matchCriteriaId": "7D14A1B5-95A8-4F62-B06A-8BA4641CC35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5324:*:*:*:*:*:*",
"matchCriteriaId": "F3C27B95-B5AB-4BBD-9701-85560CC020CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5325:*:*:*:*:*:*",
"matchCriteriaId": "7B46B8A8-2C90-44C8-A5C9-186593D0A556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5326:*:*:*:*:*:*",
"matchCriteriaId": "2CA0E58E-2535-422A-AF35-3EF017792570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5327:*:*:*:*:*:*",
"matchCriteriaId": "8CC89F07-DD8C-4DD9-BE80-D9DA689A4D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5328:*:*:*:*:*:*",
"matchCriteriaId": "AD53F8D8-34A0-46F0-9AC9-EF088B4C9AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5329:*:*:*:*:*:*",
"matchCriteriaId": "A9B6BA8A-8709-4E8E-A42E-85B0E99818E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5330:*:*:*:*:*:*",
"matchCriteriaId": "B0F00049-CA99-4A6B-B347-78768BF19DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5400:*:*:*:*:*:*",
"matchCriteriaId": "30A10B00-E8DD-445D-AFC3-DC7DAF42724F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5500:*:*:*:*:*:*",
"matchCriteriaId": "CBEEB6C7-764D-4012-9656-FC76F43A53EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5501:*:*:*:*:*:*",
"matchCriteriaId": "86F5057B-4DFA-43A0-B604-9CACEEE926E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5502:*:*:*:*:*:*",
"matchCriteriaId": "5EF382C0-392B-4DA9-AFA2-3CD933615E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5503:*:*:*:*:*:*",
"matchCriteriaId": "78019D71-4598-4095-AAF4-13DCD93F842F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5504:*:*:*:*:*:*",
"matchCriteriaId": "3C6F69D0-1595-42E9-B812-63C133965E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5505:*:*:*:*:*:*",
"matchCriteriaId": "30D743E2-FE10-43BB-9514-4581F33F2C34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5506:*:*:*:*:*:*",
"matchCriteriaId": "D4639A68-BAA3-4669-B2F1-AD381A25464D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5507:*:*:*:*:*:*",
"matchCriteriaId": "DF69BD50-A3B7-4C9C-83ED-088EBB977F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5508:*:*:*:*:*:*",
"matchCriteriaId": "0313F401-85DC-4DF0-AEAD-A8D6885902CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5509:*:*:*:*:*:*",
"matchCriteriaId": "924F6A44-0E30-46A9-990E-DA44AA61C012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5510:*:*:*:*:*:*",
"matchCriteriaId": "C514F02D-DB00-4B05-A53C-A13310FE9E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5511:*:*:*:*:*:*",
"matchCriteriaId": "D013876C-9433-4576-84B5-464649CC8199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5512:*:*:*:*:*:*",
"matchCriteriaId": "8DFA286F-0C4E-4C56-8FFB-15481594FE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5513:*:*:*:*:*:*",
"matchCriteriaId": "D86056BB-3CF4-4C8A-B685-1E88E25429F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5514:*:*:*:*:*:*",
"matchCriteriaId": "BDE0C598-57A7-4EEF-A98C-44B871955BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5515:*:*:*:*:*:*",
"matchCriteriaId": "C6F752FD-8B2C-4636-B7DD-343D2DEDE7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5516:*:*:*:*:*:*",
"matchCriteriaId": "B435C1CA-2DD6-4DC7-B7B1-9B232EA5CFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5517:*:*:*:*:*:*",
"matchCriteriaId": "48A77EA0-C382-4A81-9EE3-48F7AC8AFEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5518:*:*:*:*:*:*",
"matchCriteriaId": "48907141-7B99-4D1A-955D-7E98B46E5A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5519:*:*:*:*:*:*",
"matchCriteriaId": "C894A206-F09A-4D6A-9675-618CD8FEFD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5520:*:*:*:*:*:*",
"matchCriteriaId": "52028275-3CFA-4AB0-8013-018FF88C11B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5521:*:*:*:*:*:*",
"matchCriteriaId": "2864B47E-79C8-4FE4-97E5-3C85C926CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5600:*:*:*:*:*:*",
"matchCriteriaId": "627B72C4-8311-414D-AA55-EC5F71794F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5601:*:*:*:*:*:*",
"matchCriteriaId": "74839837-94FC-4A6F-8DE2-358A7AD28D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5602:*:*:*:*:*:*",
"matchCriteriaId": "66B9BB15-FA78-4C05-8670-610DD790FF75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5603:*:*:*:*:*:*",
"matchCriteriaId": "166217A8-C306-4C79-A33F-D45032F2D1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5604:*:*:*:*:*:*",
"matchCriteriaId": "EFC0E47A-8807-441D-BEFA-1E9A71EDA7C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5605:*:*:*:*:*:*",
"matchCriteriaId": "06395B41-9538-42FF-8ADB-E750F5C5B2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5606:*:*:*:*:*:*",
"matchCriteriaId": "0DF7379A-F56E-4A2D-8099-2C0E72B8ACA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*",
"matchCriteriaId": "FE8675BC-B0AA-4067-B079-FCAE97519B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "59408AE1-F8C3-48A7-BF31-ABB4173E42D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "82FD8A24-2D01-4D2A-ADDE-51EBCC189332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "3CDD178D-9CE8-4FC9-8388-BB89DC949924",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus, en versiones anteriores del build 5708, es vulnerable a un XSS a trav\u00e9s de la API de aplicaciones m\u00f3viles."
}
],
"id": "CVE-2019-11511",
"lastModified": "2024-11-21T04:21:14.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-25T03:29:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5708"
},
{
"source": "cve@mitre.org",
"url": "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://zeroauth.ltd/blog/2019/05/26/cve-2019-11511-zoho-manageengine-adselfservice-plus-xss/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 17:15
Modified
2025-07-30 19:10
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.4 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "ADB66864-2B10-4693-89C5-F13AADCAF0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "36A2372E-DD10-455D-90C9-C8B5EBA52D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "212A1978-367C-417E-B887-6C957B76578C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522:*:*:*:*:*:*",
"matchCriteriaId": "1261129B-F0FD-4849-A8D9-9CBD99910FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531:*:*:*:*:*:*",
"matchCriteriaId": "087A729A-A175-4CE5-AF87-510E51125C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540:*:*:*:*:*:*",
"matchCriteriaId": "EFBB3F80-C322-4015-897D-12736CED3077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543:*:*:*:*:*:*",
"matchCriteriaId": "B3D55605-AD61-4D63-BCA9-CAD95020813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544:*:*:*:*:*:*",
"matchCriteriaId": "327F7E10-4704-46D9-A82A-8E799181D0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550:*:*:*:*:*:*",
"matchCriteriaId": "F515AB67-A302-4A95-BC99-F7F26BA67B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560:*:*:*:*:*:*",
"matchCriteriaId": "97E1E2BD-1AE1-4128-84B3-80A5F8D74A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570:*:*:*:*:*:*",
"matchCriteriaId": "C8D9FAD8-419D-4489-AAF7-96953CDB595B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571:*:*:*:*:*:*",
"matchCriteriaId": "04373F72-E36E-4EFD-8215-C6CF44464DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572:*:*:*:*:*:*",
"matchCriteriaId": "126040DD-08A6-45B4-8A41-E47DAF8716FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580:*:*:*:*:*:*",
"matchCriteriaId": "595F8E5F-068B-4526-A76F-D40EADC56135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590:*:*:*:*:*:*",
"matchCriteriaId": "C8608BDC-21B0-4C4C-9C1E-540FDCA13671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591:*:*:*:*:*:*",
"matchCriteriaId": "3AA24300-1217-4DFA-8247-CF1B83B47C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592:*:*:*:*:*:*",
"matchCriteriaId": "AE175D32-95D7-451F-88C0-492B4C827CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*",
"matchCriteriaId": "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*",
"matchCriteriaId": "DAD07524-564F-4559-9F6D-EB8961380A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*",
"matchCriteriaId": "76480E2A-FD99-4902-99D3-847136451618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*",
"matchCriteriaId": "D117C2AE-B396-46AD-9421-23750F9D6CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*",
"matchCriteriaId": "6B9F5FCF-BECA-424C-86C8-4769797AEB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*",
"matchCriteriaId": "6A014DF4-0353-4117-927B-C7950D92EEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*",
"matchCriteriaId": "EC6163AF-1A41-4372-8D9B-985BB338B9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*",
"matchCriteriaId": "2387D138-C8F5-4DC1-A51E-629F9D96F4ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*",
"matchCriteriaId": "0504B6B8-AFA0-418E-AA86-057F4FD01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*",
"matchCriteriaId": "78CA1BE6-6ACF-42B4-B603-9764A8B81555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*",
"matchCriteriaId": "69866794-C599-49F7-8071-789DA3308AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*",
"matchCriteriaId": "850DCAC9-D98E-40C1-A748-88E257F09388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48B406DA-32D5-4343-B859-FB463B01CFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4523A4D2-1E40-4A14-81D7-820A2C81C90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*",
"matchCriteriaId": "F4C03D7C-0EEC-4C66-8705-F69909483048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "9431C11F-E153-4298-8A1B-2CDF677A1428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*",
"matchCriteriaId": "557B4FD6-B1BD-47B4-87B8-7096B99695B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF829-DA42-4C87-AB14-B03BD0AFB177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*",
"matchCriteriaId": "C74D8FDF-04B3-4B03-9110-27683E2329FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*",
"matchCriteriaId": "5C376A34-DC80-4080-9B53-37D954B6F00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4613CD78-8A7D-4382-9975-1BE698E6C2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "9F32937B-9B1D-495F-812A-BEBAF3C67540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*",
"matchCriteriaId": "5683B22F-54D1-4C53-8378-3500ADB4AD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "08147E4E-6064-44D6-AF7C-1EB584A7CD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "E0B110D0-A1BF-486B-A5C4-5927877C1258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*",
"matchCriteriaId": "1C52392E-72C9-4F74-AECE-B20C0259E37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*",
"matchCriteriaId": "38A4BE4A-B607-483E-AE79-8FF17BEF60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*",
"matchCriteriaId": "3B2ABFA6-4506-42F8-B458-9EB83C8312DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*",
"matchCriteriaId": "B19B98B7-85D3-4D44-9853-1CD69586BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5116:*:*:*:*:*:*",
"matchCriteriaId": "8A012C70-3CD6-46C7-AEE7-9D5763C5AC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*",
"matchCriteriaId": "2EFDF89F-54BE-4D72-B95D-12127D8B35A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*",
"matchCriteriaId": "E4DD32D9-A0CA-4434-A8CF-121942FDF152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*",
"matchCriteriaId": "F86FFDB3-B19E-438E-8E5C-6D4994A29B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*",
"matchCriteriaId": "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*",
"matchCriteriaId": "4921142A-2D9F-40BE-9640-44037667FB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*",
"matchCriteriaId": "0909BEDE-D384-4719-87C7-4748E70669D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*",
"matchCriteriaId": "43969BCD-92A9-4181-9BE7-9A370FF0EA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*",
"matchCriteriaId": "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*",
"matchCriteriaId": "190837F9-E545-4576-8660-76837BFBA127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*",
"matchCriteriaId": "6C379810-C027-4443-BA2F-C72A0AFE9074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*",
"matchCriteriaId": "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*",
"matchCriteriaId": "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*",
"matchCriteriaId": "6191E179-7D42-4D9A-AF78-B87DBC198B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*",
"matchCriteriaId": "01FC1A37-2AB7-4212-A93A-58021592FF67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*",
"matchCriteriaId": "96287289-2736-4197-B325-9D58EFDD6A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*",
"matchCriteriaId": "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*",
"matchCriteriaId": "E2437FCD-F77F-4103-914C-20C54C3E088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*",
"matchCriteriaId": "45F52278-27B0-431E-8FF0-E3A5F68D513D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*",
"matchCriteriaId": "E231C429-0C6D-4DA6-8D89-DB888493F741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*",
"matchCriteriaId": "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*",
"matchCriteriaId": "999D1D05-D8D7-445E-AAF7-B14769001928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*",
"matchCriteriaId": "CC29D099-13A7-48F5-8A8A-6A564B972D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*",
"matchCriteriaId": "AFAACD50-F964-48EB-8C71-856501FA5BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*",
"matchCriteriaId": "E52DD6D8-DCB5-470E-9F77-653552A5436B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*",
"matchCriteriaId": "1E41D887-5E33-4D94-9C9C-7385D7D777E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*",
"matchCriteriaId": "352966E5-E938-4FA4-A41B-2D95C0E233ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*",
"matchCriteriaId": "2C234A10-9D5A-4C47-92F1-82DA80F5B310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*",
"matchCriteriaId": "8E1516F7-D152-4D9C-92D3-4BD68D77475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*",
"matchCriteriaId": "BDDFB075-FA1B-47B9-B2EC-80228C20F042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*",
"matchCriteriaId": "9A55F076-4CED-4BFC-B87D-A2AE950F78CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*",
"matchCriteriaId": "50ACF821-D09A-40B9-95A6-BC8DED3460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*",
"matchCriteriaId": "E0949C30-651A-4646-B215-38AE86F719F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*",
"matchCriteriaId": "2DA8E108-49A7-4281-A938-ED1C1E4890B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*",
"matchCriteriaId": "3B631D21-372B-4B68-B467-F1A5616C5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*",
"matchCriteriaId": "26BC3F05-FC81-45E4-9D23-864C9B9FF47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*",
"matchCriteriaId": "1BBF87A7-2A53-418D-BB27-D55B10564894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*",
"matchCriteriaId": "9343B338-953B-4E7D-9CD2-00781FFE3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*",
"matchCriteriaId": "9966E015-590E-4CAD-AEE9-F06E1B34A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*",
"matchCriteriaId": "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*",
"matchCriteriaId": "04BB508C-91EA-43A3-B4AC-A7591801F387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "7C6C9325-7A0B-4CFF-BBFB-39C1C6F7B0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "2B71FA9F-0FC4-4D12-B595-AC529878BC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "0979E79B-936C-4787-8E0A-9F7F43A8A748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "673E69A8-71BA-49EC-B1AE-931736C6BF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "141FB02E-695F-484E-8FF6-C334C11F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*",
"matchCriteriaId": "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*",
"matchCriteriaId": "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*",
"matchCriteriaId": "942DC320-20A3-4CBF-BF94-390A9163FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*",
"matchCriteriaId": "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*",
"matchCriteriaId": "600E4C41-B1E1-468D-BA1A-489D0CE5F565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*",
"matchCriteriaId": "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*",
"matchCriteriaId": "E41D8FA9-5D9D-4102-B117-40354F847403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*",
"matchCriteriaId": "8E620B19-0286-4723-91C4-848B6C453509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*",
"matchCriteriaId": "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*",
"matchCriteriaId": "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*",
"matchCriteriaId": "E7A0FC78-73CE-48CE-BD68-74C095F5B052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*",
"matchCriteriaId": "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*",
"matchCriteriaId": "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*",
"matchCriteriaId": "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*",
"matchCriteriaId": "BF029B3F-93BE-44D3-B8E8-65F18A4F6632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*",
"matchCriteriaId": "C054330B-8344-437B-893F-AD844BCA3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*",
"matchCriteriaId": "CA7A820D-17C3-4F20-B4C4-9068F9594786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*",
"matchCriteriaId": "DEA0897C-62CE-401A-B940-4CA47A0BDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*",
"matchCriteriaId": "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*",
"matchCriteriaId": "269B1711-8110-4177-8CF2-AD9F1D9E20AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*",
"matchCriteriaId": "39DFD696-3A7F-4003-9F87-458891B787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*",
"matchCriteriaId": "C15E39AA-79CE-48A7-9629-AC75EC444B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*",
"matchCriteriaId": "2592E246-7208-4CC5-8004-D2AEAB45380C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*",
"matchCriteriaId": "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*",
"matchCriteriaId": "41EB109A-9CF3-498C-93B2-07A31D3CB09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*",
"matchCriteriaId": "FE8675BC-B0AA-4067-B079-FCAE97519B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "59408AE1-F8C3-48A7-BF31-ABB4173E42D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "82FD8A24-2D01-4D2A-ADDE-51EBCC189332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "3CDD178D-9CE8-4FC9-8388-BB89DC949924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "4F3F2942-54CE-41A9-909B-8D5CE515A7FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "996B4FAB-C1FA-42D9-BAB2-EC4CD2394D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*",
"matchCriteriaId": "20D1E7EE-8977-4010-AF5D-843A44853363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "09718DA2-31D3-4CC3-B95D-6A8BE6233700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*",
"matchCriteriaId": "A217F6ED-BC7F-46B7-9D43-D75A3D416322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*",
"matchCriteriaId": "562397B8-DF54-4585-81B4-3F89816CC8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*",
"matchCriteriaId": "319E6B84-4D6C-45D2-BF5A-8461202C4463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*",
"matchCriteriaId": "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*",
"matchCriteriaId": "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*",
"matchCriteriaId": "94E70435-5332-48F3-9602-FCA1EFB617BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*",
"matchCriteriaId": "AC040DA3-91BB-41CD-ADE3-D2AA0537516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*",
"matchCriteriaId": "8E71EE09-F2D6-4981-A962-14DAC49A9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*",
"matchCriteriaId": "4709685D-CCF0-4444-99B8-4DC6E3D53A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*",
"matchCriteriaId": "13599F95-25B2-4C21-8174-DA966A49249B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*",
"matchCriteriaId": "D2CB6693-492A-4607-9D9C-15C746E12864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*",
"matchCriteriaId": "35238419-A73A-4333-9F3D-481FAA1D167C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*",
"matchCriteriaId": "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*",
"matchCriteriaId": "4E0B4F11-A1E8-4D21-9707-8639A3040840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*",
"matchCriteriaId": "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*",
"matchCriteriaId": "7F229F49-EA44-4D0A-855B-FC586CE8CFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*",
"matchCriteriaId": "07AED2F0-F527-4B4A-82FC-F571899F3738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "86396EFE-E4E1-42DB-A206-9D44B977DB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "1ECD4B6F-D157-4AA6-A288-AF85ECFE3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "89042E18-91F4-4EB7-9276-251A94529D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "0215A848-4170-42E0-9711-E9922CE82CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "4E738DAF-2E66-4D0F-9A8E-B988A51E17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6004:*:*:*:*:*:*",
"matchCriteriaId": "A5D87211-8D8F-420A-AAAC-296FCD214CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6005:*:*:*:*:*:*",
"matchCriteriaId": "D8C120A3-C62A-4F39-BB9C-546C7AC57D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6006:*:*:*:*:*:*",
"matchCriteriaId": "301FC0FF-8064-470E-BFAA-CC54078D1044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6007:*:*:*:*:*:*",
"matchCriteriaId": "AAAF70B7-53FA-41EF-8558-EAC27EF35AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6008:*:*:*:*:*:*",
"matchCriteriaId": "821E2F3D-5B0C-4985-9934-F80E163EC1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6009:*:*:*:*:*:*",
"matchCriteriaId": "0FFD43E2-8C28-4423-8660-8C9FC996C339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6012:*:*:*:*:*:*",
"matchCriteriaId": "E9497B19-1845-44C5-8868-332DDE6DD1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6013:*:*:*:*:*:*",
"matchCriteriaId": "C5A5D3A5-E2C6-43A3-9142-F5FE23BCB3E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*",
"matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones 6113 y anteriores, es vulnerable a una omisi\u00f3n de autenticaci\u00f3n de la API REST con una ejecuci\u00f3n de c\u00f3digo remota resultante"
}
],
"id": "CVE-2021-40539",
"lastModified": "2025-07-30T19:10:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-09-07T17:15:07.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-706"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-706"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-11 16:15
Modified
2024-11-21 04:58
Severity ?
Summary
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as a SYSTEM.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Aug/4 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Aug/6 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/48739 | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Aug/4 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Aug/6 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/48739 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 | |
| zohocorp | manageengine_adselfservice_plus | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA200DAA-09C6-4165-86F3-53E0693DEFA4",
"versionEndIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "86396EFE-E4E1-42DB-A206-9D44B977DB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "1ECD4B6F-D157-4AA6-A288-AF85ECFE3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "89042E18-91F4-4EB7-9276-251A94529D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "0215A848-4170-42E0-9711-E9922CE82CD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \\windows\\system32, cmd.exe can be launched as a SYSTEM."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios en ManageEngine ADSelfService Plus antes del build 6003, porque no aplica apropiadamente los privilegios de usuario asociados con un cuadro de di\u00e1logo del Certificado. Esta vulnerabilidad podr\u00eda permitir a un atacante no autenticado escalar privilegios sobre un host de Windows. Un atacante no requiere ning\u00fan privilegio en el sistema de destino para explotar esta vulnerabilidad. Una opci\u00f3n es la opci\u00f3n de autoservicio en la pantalla de inicio de sesi\u00f3n de Windows. Al seleccionar esta opci\u00f3n, se inicia el software thick-client, que se conecta a un servidor ADSelfService Plus remoto para facilitar las operaciones de autoservicio. Un atacante no autenticado que tenga acceso f\u00edsico al host podr\u00eda activar una alerta de seguridad al suministrar un certificado SSL autofirmado al cliente. La opci\u00f3n View Certificate de la alerta de seguridad permite a un atacante exportar un certificado desplegado hacia un archivo. Esto puede convertirse en cascada en un cuadro de di\u00e1logo que puede abrir Explorer como SYSTEM. Al navegar desde Explorer en \\windows\\ system32, el archivo cmd.exe puede ser iniciado como un SYSTEM"
}
],
"id": "CVE-2020-11552",
"lastModified": "2024-11-21T04:58:08.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-11T16:15:12.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/48739"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/48739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 20:15
Modified
2024-11-21 07:10
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC9667B-3ECE-4DF8-9C45-95E53736CD68",
"versionEndExcluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*",
"matchCriteriaId": "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*",
"matchCriteriaId": "B1E4E7ED-317B-471D-B387-24BFE504FD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*",
"matchCriteriaId": "1518C214-71A7-4C97-BA40-95D98E0C78BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6203, permite una denegaci\u00f3n de servicio (reinicio de la aplicaci\u00f3n) por medio de una carga \u00fatil dise\u00f1ada para la API de despliegue de aplicaciones m\u00f3viles"
}
],
"id": "CVE-2022-34829",
"lastModified": "2024-11-21T07:10:16.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T20:15:07.970",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-34829.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-18 20:15
Modified
2024-11-21 06:59
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adaudit_plus | * | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0.0 | |
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_exchange_reporter_plus | * | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED61D61A-99CB-4279-AEF4-4F5D509AAAB6",
"versionEndExcluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4647CCE1-92BF-486A-A245-2E6BADC14C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "AC907344-7ACC-41CA-AA1D-8AEE1C604F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7002:*:*:*:*:*:*",
"matchCriteriaId": "6957BD6B-3CCB-4C45-B3E9-DE988CDEF122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7003:*:*:*:*:*:*",
"matchCriteriaId": "B932650D-3BCF-4A9C-B518-04C212925C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7004:*:*:*:*:*:*",
"matchCriteriaId": "FF8CFB6B-DD8F-45BD-9F17-7BE6014AFE17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7005:*:*:*:*:*:*",
"matchCriteriaId": "583C263D-F219-434C-A452-9F4A337FAF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7006:*:*:*:*:*:*",
"matchCriteriaId": "154B0AC9-FB9F-42FC-85FF-B6F4DA77F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7007:*:*:*:*:*:*",
"matchCriteriaId": "2C71406B-D0A7-480F-BD70-F01AF8800749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7008:*:*:*:*:*:*",
"matchCriteriaId": "5643057F-7579-465C-9C0F-F83617C6BE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "BD6AFBED-42E1-400B-A198-71220D228770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "6F4BB38D-4E2A-41A0-8ED2-5D23FDE1BF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "E14468CC-1FAF-4F3C-872A-283923E11BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "F05B3F91-1ECB-4000-A0E1-814DC82CE9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "F216675D-EC1B-4C67-ACA4-002C3A31976D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7055:*:*:*:*:*:*",
"matchCriteriaId": "A70FBB7E-A8D7-4DF9-BF7C-C6E8FC6FFCA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*",
"matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*",
"matchCriteriaId": "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*",
"matchCriteriaId": "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*",
"matchCriteriaId": "2EC89DCA-D24A-46BB-8086-C306BB4CDABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*",
"matchCriteriaId": "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*",
"matchCriteriaId": "E319DA11-0C76-4F52-A197-FFBF4F30BB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*",
"matchCriteriaId": "B928577F-3183-4305-9009-A8C6970477D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*",
"matchCriteriaId": "CE6F33B5-418E-4B38-81EB-090E4F3AF89A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:-:*:*:*:*:*:*",
"matchCriteriaId": "3FC399C6-4299-4744-9FC5-13CFE7478164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6121, ADAuditPlus versi\u00f3n 7060, Exchange Reporter Plus versi\u00f3n 5701, y ADManagerPlus versi\u00f3n 7131, permiten una divulgaci\u00f3n de NTLM Hash durante determinados pasos de configuraci\u00f3n de la ruta de almacenamiento"
}
],
"id": "CVE-2022-29457",
"lastModified": "2024-11-21T06:59:07.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-18T20:15:09.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-18 13:15
Modified
2025-03-27 13:58
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/rapid7/metasploit-framework/pull/16475 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/ | Exploit, Patch, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rapid7/metasploit-framework/pull/16475 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/ | Exploit, Patch, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"cisaActionDue": "2023-03-28",
"cisaExploitAdd": "2023-03-07",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*",
"matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*",
"matchCriteriaId": "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*",
"matchCriteriaId": "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*",
"matchCriteriaId": "2EC89DCA-D24A-46BB-8086-C306BB4CDABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*",
"matchCriteriaId": "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*",
"matchCriteriaId": "E319DA11-0C76-4F52-A197-FFBF4F30BB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*",
"matchCriteriaId": "B928577F-3183-4305-9009-A8C6970477D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*",
"matchCriteriaId": "CE6F33B5-418E-4B38-81EB-090E4F3AF89A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6121:*:*:*:*:*:*",
"matchCriteriaId": "1DD9B2CF-8EBE-454D-8A81-873C0A8ACAA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus antes de la compilaci\u00f3n 6122 permite a un administrador remoto autenticado ejecutar comandos arbitrarios del sistema operativo como SYSTEM a trav\u00e9s de la funci\u00f3n de script personalizado de la pol\u00edtica. Debido al uso de una contrase\u00f1a de administrador por defecto, los atacantes pueden ser capaces de abusar de esta funcionalidad con un esfuerzo m\u00ednimo. Adem\u00e1s, un atacante remoto y parcialmente autenticado puede ser capaz de inyectar comandos arbitrarios en el script personalizado debido a un campo de contrase\u00f1a no saneado"
}
],
"id": "CVE-2022-28810",
"lastModified": "2025-03-27T13:58:07.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-04-18T13:15:08.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16475"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-17 18:15
Modified
2024-11-21 04:22
Severity ?
Summary
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/108813 | ||
| cve@mitre.org | https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3 | Broken Link | |
| cve@mitre.org | https://github.com/0katz/CVE-2019-12476 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108813 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/0katz/CVE-2019-12476 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A44531A-3F42-4D1A-AE4A-BE43BDA5BD0F",
"versionEndExcluding": "5.0.6",
"versionStartIncluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de identificaci\u00f3n en la funcionalidad de restablecimiento de contrase\u00f1a en Zoho ManageEngine ADSelfService Plus antes de la versi\u00f3n 5.0.6 permite a un atacante con acceso f\u00edsico obtener una shell con privilegios de SISTEMA a trav\u00e9s del navegador restringido de clientes densos. El ataque usa una larga secuencia de entradas de teclado creadas."
}
],
"id": "CVE-2019-12476",
"lastModified": "2024-11-21T04:22:56.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-17T18:15:10.907",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/108813"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/0katz/CVE-2019-12476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/108813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/0katz/CVE-2019-12476"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-20 12:15
Modified
2024-11-21 08:08
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/970198175/Simply-use | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/970198175/Simply-use | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor\u0027s perspective is that they have \"found no evidence or detail of a security vulnerability.\""
}
],
"id": "CVE-2023-35854",
"lastModified": "2024-11-21T08:08:49.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-20T12:15:09.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/970198175/Simply-use"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/970198175/Simply-use"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-07 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html | Exploit | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/99612 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/99612 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC64436A-1539-4803-B82E-336D1CFF32E4",
"versionEndIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en ZOHO ManageEngine ADSelfService Plus anterior a 5.2 Build 5202 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro name en GroupSubscription.do."
}
],
"id": "CVE-2014-3779",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-01-07T18:59:00.043",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-17 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/43241 | Vendor Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/8089 | ||
| cve@mitre.org | http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities | Exploit | |
| cve@mitre.org | http://www.osvdb.org/70871 | Exploit | |
| cve@mitre.org | http://www.osvdb.org/70872 | Exploit | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/516396/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/46331 | Exploit | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0392 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/65349 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43241 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8089 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/70871 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/70872 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/516396/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46331 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0392 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/65349 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A75087-E063-4DDE-8C0A-296A2F3A29FD",
"versionEndIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en EmployeeSearch.cc en el Employee Search Engine en ZOHO ManageEngine ADSelfService Plus anterior a v4.5 Build 4500 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro searchString en la acci\u00f3n (1) showList o (2) Search."
}
],
"id": "CVE-2010-3274",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-02-17T18:00:03.073",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43241"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8089"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/70871"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/70872"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/46331"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/70871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/70872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/46331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-30 19:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-37417/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-37417/ | Release Notes, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones 6103 y anteriores, permiten omitir el CAPTCHA debido a una comprobaci\u00f3n inapropiada de los par\u00e1metros."
}
],
"id": "CVE-2021-37417",
"lastModified": "2024-11-21T06:15:07.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T19:15:09.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37417/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37417/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-15 21:15
Modified
2025-02-13 18:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html | ||
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2023-35 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2023-35 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_analytics_plus | * | |
| zohocorp | manageengine_appcreator | * | |
| zohocorp | manageengine_application_control_plus | * | |
| zohocorp | manageengine_browser_security_plus | * | |
| zohocorp | manageengine_device_control_plus | * | |
| zohocorp | manageengine_endpoint_central | * | |
| zohocorp | manageengine_endpoint_central_msp | * | |
| zohocorp | manageengine_endpoint_dlp_plus | * | |
| zohocorp | manageengine_mobile_device_manager_plus | * | |
| zohocorp | manageengine_mobile_device_manager_plus | 10.1.2207.4 | |
| zohocorp | manageengine_os_deployer | * | |
| zohocorp | manageengine_patch_manager_plus | * | |
| zohocorp | manageengine_remote_access_plus | * | |
| zohocorp | manageengine_remote_monitoring_and_management | * | |
| zohocorp | manageengine_vulnerability_manager_plus | * | |
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.3 | |
| zohocorp | manageengine_adselfservice_plus | 6.3 | |
| zohocorp | manageengine_adselfservice_plus | 6.3 | |
| zohocorp | manageengine_adselfservice_plus | 6.3 | |
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.2 | |
| zohocorp | manageengine_admanager_plus | 7.2 | |
| zohocorp | manageengine_admanager_plus | 7.2 | |
| zohocorp | manageengine_admanager_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | * | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_cloud_security_plus | * | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_datasecurity_plus | * | |
| zohocorp | manageengine_datasecurity_plus | 6.1 | |
| zohocorp | manageengine_datasecurity_plus | 6.1 | |
| zohocorp | manageengine_datasecurity_plus | 6.1 | |
| zohocorp | manageengine_datasecurity_plus | 6.1 | |
| zohocorp | manageengine_datasecurity_plus | 6.1 | |
| zohocorp | manageengine_datasecurity_plus | 6.1 | |
| zohocorp | manageengine_datasecurity_plus | 6.1 | |
| zohocorp | manageengine_exchange_reporter_plus | * | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_m365_manager_plus | * | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | * | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_sharepoint_manager_plus | * | |
| zohocorp | manageengine_sharepoint_manager_plus | 4.4 | |
| zohocorp | manageengine_sharepoint_manager_plus | 4.4 | |
| zohocorp | manageengine_sharepoint_manager_plus | 4.4 | |
| zohocorp | manageengine_sharepoint_manager_plus | 4.4 | |
| zohocorp | manageengine_sharepoint_manager_plus | 4.4 | |
| zohocorp | manageengine_recoverymanager_plus | * | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_log360_ueba | * | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_patch_connect_plus | 9.0.0 | |
| zohocorp | manageengine_secure_gateway_server | * | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_secure_gateway_server | 9.0 | |
| zohocorp | manageengine_opmanager | * | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| zohocorp | manageengine_opmanager | 12.5 | |
| microsoft | windows | - | |
| zohocorp | manageengine_opmanager | * | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| zohocorp | manageengine_opmanager | 12.7 | |
| linux | linux_kernel | - | |
| zohocorp | manageengine_oputils | * | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| zohocorp | manageengine_oputils | 12.5 | |
| microsoft | windows | - | |
| zohocorp | manageengine_oputils | * | |
| zohocorp | manageengine_oputils | 12.7 | |
| zohocorp | manageengine_oputils | 12.7 | |
| zohocorp | manageengine_oputils | 12.7 | |
| zohocorp | manageengine_oputils | 12.7 | |
| zohocorp | manageengine_oputils | 12.7 | |
| linux | linux_kernel | - | |
| zohocorp | manageengine_firewall_analyzer | * | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| zohocorp | manageengine_firewall_analyzer | 12.5 | |
| microsoft | windows | - | |
| zohocorp | manageengine_firewall_analyzer | * | |
| zohocorp | manageengine_firewall_analyzer | 12.7 | |
| zohocorp | manageengine_firewall_analyzer | 12.7 | |
| zohocorp | manageengine_firewall_analyzer | 12.7 | |
| zohocorp | manageengine_firewall_analyzer | 12.7 | |
| zohocorp | manageengine_firewall_analyzer | 12.7 | |
| linux | linux_kernel | - | |
| zohocorp | manageengine_netflow_analyzer | * | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| zohocorp | manageengine_netflow_analyzer | 12.5 | |
| microsoft | windows | - | |
| zohocorp | manageengine_netflow_analyzer | * | |
| zohocorp | manageengine_netflow_analyzer | 12.7 | |
| zohocorp | manageengine_netflow_analyzer | 12.7 | |
| zohocorp | manageengine_netflow_analyzer | 12.7 | |
| zohocorp | manageengine_netflow_analyzer | 12.7 | |
| zohocorp | manageengine_netflow_analyzer | 12.7 | |
| zohocorp | manageengine_netflow_analyzer | 12.7 | |
| linux | linux_kernel | - | |
| zohocorp | manageengine_network_configuration_manager | * | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| zohocorp | manageengine_network_configuration_manager | 12.5 | |
| microsoft | windows | - | |
| zohocorp | manageengine_network_configuration_manager | * | |
| zohocorp | manageengine_network_configuration_manager | 12.7 | |
| zohocorp | manageengine_network_configuration_manager | 12.7 | |
| zohocorp | manageengine_network_configuration_manager | 12.7 | |
| zohocorp | manageengine_network_configuration_manager | 12.7 | |
| linux | linux_kernel | - | |
| zohocorp | manageengine_servicedesk_plus | * | |
| zohocorp | manageengine_servicedesk_plus | 14.3 | |
| zohocorp | manageengine_servicedesk_plus | 14.3 | |
| zohocorp | manageengine_servicedesk_plus | 14.3 | |
| zohocorp | manageengine_servicedesk_plus | 14.3 | |
| zohocorp | manageengine_assetexplorer | * | |
| zohocorp | manageengine_assetexplorer | 7.0 | |
| zohocorp | manageengine_assetexplorer | 7.0 | |
| zohocorp | manageengine_assetexplorer | 7.0 | |
| zohocorp | manageengine_assetexplorer | 7.0 | |
| zohocorp | manageengine_assetexplorer | 7.0 | |
| zohocorp | manageengine_servicedesk_plus_msp | * | |
| zohocorp | manageengine_servicedesk_plus_msp | 14.3 | |
| zohocorp | manageengine_servicedesk_plus_msp | 14.3 | |
| zohocorp | manageengine_servicedesk_plus_msp | 14.3 | |
| zohocorp | manageengine_servicedesk_plus_msp | 14.3 | |
| zohocorp | manageengine_servicedesk_plus_msp | 14.3 | |
| zohocorp | manageengine_access_manager_plus | * | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_supportcenter_plus | * | |
| zohocorp | manageengine_supportcenter_plus | 14.3 | |
| zohocorp | manageengine_supportcenter_plus | 14.3 | |
| zohocorp | manageengine_supportcenter_plus | 14.3 | |
| zohocorp | manageengine_supportcenter_plus | 14.3 | |
| zohocorp | manageengine_pam360 | * | |
| zohocorp | manageengine_password_manager_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "725AEAF1-8E3C-4D33-B65D-C8304506A131",
"versionEndExcluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_appcreator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A753D74-F09F-4C42-A7C2-4D3A280FCACC",
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEDFE0E-9C9A-4DF6-9918-B5BD4DC67624",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C65599-8166-4066-BF0F-5C3CC55F544A",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CB1749-097D-4F9F-94DB-F35E72A42034",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06579974-7085-42B3-9F9F-A733A1CA37D9",
"versionEndExcluding": "11.2.2322.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_central_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F551AC16-6CBA-4460-A05D-D083967BDF07",
"versionEndExcluding": "11.2.2322.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE96B83-9684-4955-81C5-AD5B5BC817DF",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC58FEB-B8E4-4B1C-AE55-F4577D7BF505",
"versionEndExcluding": "10.1.2204.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:10.1.2207.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B65D12-7DAE-4815-993C-7C5903E990DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C070B9E-FE09-4CFE-B489-DC9CED210CF1",
"versionEndExcluding": "1.2.2331.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9C6675-2DDB-4FD6-8FA6-B3EE56F87F69",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4B79F8-4D04-4EA4-8754-355DB6CA71B8",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA39630-6CE1-46E3-AF49-67DB09308C5D",
"versionEndExcluding": "10.2.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D89B41-A239-4329-9BEA-6D52EE8644D8",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD7707C-0FE5-475D-8FB2-CDB19363421A",
"versionEndExcluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6300:*:*:*:*:*:*",
"matchCriteriaId": "F0C93DB0-3029-4D49-B180-6EFAEC4B712B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6301:*:*:*:*:*:*",
"matchCriteriaId": "F69BFD56-BA90-426C-9EF1-4BD925657BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6302:*:*:*:*:*:*",
"matchCriteriaId": "1171C259-086C-42CA-BE56-5B410677F72C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6303:*:*:*:*:*:*",
"matchCriteriaId": "827B0C20-903F-48A5-8918-81F39202C21F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "D47DA377-0AF4-453E-9605-A5F87FA14E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:*",
"matchCriteriaId": "BC919233-CE66-416C-8649-B94A23F131F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E802FD77-E67A-438C-82CE-9FC7536FB14E",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "237AA2F5-B9A3-4C40-92AC-61FE47A017BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "4C23A64C-65CB-447B-9B5F-4BB22F68FC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203:*:*:*:*:*:*",
"matchCriteriaId": "3489D84B-5960-4FA7-A2DD-88AE35C34CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210:*:*:*:*:*:*",
"matchCriteriaId": "D86AB1CC-0FDE-4CC1-BF64-E0C61EAF652F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211:*:*:*:*:*:*",
"matchCriteriaId": "076FDAE7-9DB2-4A04-B09E-E53858D208C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212:*:*:*:*:*:*",
"matchCriteriaId": "07C08B57-FA76-4E24-BC10-B837597BC7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213:*:*:*:*:*:*",
"matchCriteriaId": "0D734ACB-33E8-4315-8A79-2B97CE1D0509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215:*:*:*:*:*:*",
"matchCriteriaId": "9314CA98-7A69-4D2B-9928-40F55888C9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7220:*:*:*:*:*:*",
"matchCriteriaId": "BCE7999C-D6AE-4406-A563-A520A171381D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7250:*:*:*:*:*:*",
"matchCriteriaId": "D5716895-4553-4613-B774-0964D3E88AA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F",
"versionEndExcluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*",
"matchCriteriaId": "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*",
"matchCriteriaId": "99C928C2-4711-4765-BDF2-E7FB448F5771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*",
"matchCriteriaId": "EDF77387-21C7-45CA-B843-EBA956EE2BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*",
"matchCriteriaId": "5C2C0067-538B-4102-8B4E-603BD4CE8F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*",
"matchCriteriaId": "DAF47C10-AAE9-40CF-A033-44D54A81E69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*",
"matchCriteriaId": "36D0331C-58EA-4B68-88C4-7A193BE5C62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*",
"matchCriteriaId": "3CA59781-E48C-487E-B3AF-96560F3152EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*",
"matchCriteriaId": "E4812B9E-15CA-4700-9115-EAE0A97F0E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*",
"matchCriteriaId": "CE513A2B-0371-4D3C-A502-CDA3DB474F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*",
"matchCriteriaId": "5E498ACE-8332-4824-9AFE-73975D0AC9EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*",
"matchCriteriaId": "F070B928-CF57-4502-BE26-AD3F13A6ED4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*",
"matchCriteriaId": "635D24F2-9C60-4E1A-BD5F-E5312FA953A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*",
"matchCriteriaId": "5E983854-36F8-407F-95C8-E386E0F82366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*",
"matchCriteriaId": "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*",
"matchCriteriaId": "7820751F-E181-4BB7-8DAF-BF21129B24D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*",
"matchCriteriaId": "14ADB666-EEB9-4C6D-93F4-5A45EBA55705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*",
"matchCriteriaId": "93C4B398-8F9A-44AC-8E43-C4C471DE9565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*",
"matchCriteriaId": "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*",
"matchCriteriaId": "C7EF76FE-3FD9-4548-A372-22E280484ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4162:*:*:*:*:*:*",
"matchCriteriaId": "0F95BCBE-399F-4CCC-A17B-C0C3A03A99AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "C12C9470-3D3B-426E-93F9-79D8B9B25F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "227F1242-E0A9-45C5-9198-FD8D01F68ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "2FE57085-2085-4F62-9900-7B8DFC558418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6120:*:*:*:*:*:*",
"matchCriteriaId": "CAB7FA92-DC12-4E8A-91CC-3C98ED74E47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6121:*:*:*:*:*:*",
"matchCriteriaId": "D04530C2-E4D0-4717-95DB-B7C224348502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6125:*:*:*:*:*:*",
"matchCriteriaId": "9BBD018F-C1FD-4A0F-A145-253D86185F6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "D3012C17-87F5-4FFD-B67B-BEFF2A390613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "1E33D368-2D81-4C7E-9405-7C0A86E97217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*",
"matchCriteriaId": "7AA9384F-6401-4495-B558-23E5A7A7528C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*",
"matchCriteriaId": "E492F955-0734-4AE4-A59F-572ADF0CFE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*",
"matchCriteriaId": "11B71FFC-FD2E-4F84-BB1E-55BCA5B51099",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BB59DF-8786-4DC0-9254-F88417CA7077",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*",
"matchCriteriaId": "6BA1E99E-789C-4FDD-AA89-4C5391B95320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*",
"matchCriteriaId": "7EA6EC34-6702-4D1A-8C63-5026416E01A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*",
"matchCriteriaId": "0720F912-A070-43E9-BD23-4FAD00026DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*",
"matchCriteriaId": "161C81D2-7281-4F89-9944-1B468B06C264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*",
"matchCriteriaId": "718EEA01-B792-4B7E-946F-863F846E8132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*",
"matchCriteriaId": "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*",
"matchCriteriaId": "47BBC46A-16C7-4E9B-A49A-8101F3039D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*",
"matchCriteriaId": "D989FB08-624D-406B-8F53-A387900940F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*",
"matchCriteriaId": "8ADB6CFE-1915-488C-93FE-96E8DF3655F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*",
"matchCriteriaId": "EDCCB442-D0E4-47C7-A558-36657A70B3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*",
"matchCriteriaId": "8794F807-1D50-44D4-8969-FD68EFF2F643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*",
"matchCriteriaId": "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*",
"matchCriteriaId": "6976DCDA-E27A-4367-8EFE-74DC6F63018F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*",
"matchCriteriaId": "101908A5-CAEF-44F8-A6C8-FE01CA9FA836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*",
"matchCriteriaId": "F957BE56-474A-4593-8710-F86DB13C7407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*",
"matchCriteriaId": "B8479442-1A4A-4F27-9778-664C7693C815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*",
"matchCriteriaId": "EEF00ADC-105F-4B7E-857B-17565D67C7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*",
"matchCriteriaId": "CA292949-6E99-49A5-94F7-23448494F5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*",
"matchCriteriaId": "863CBE20-60A5-4A08-BF16-4E40E88B9AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*",
"matchCriteriaId": "28A105B4-7BF0-4054-AAE7-8453E13E2B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*",
"matchCriteriaId": "94C78301-44B7-45B2-836E-15E45FAC8625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*",
"matchCriteriaId": "F408067C-13C1-40BE-8488-9EB7FF0EDF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*",
"matchCriteriaId": "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4531:*:*:*:*:*:*",
"matchCriteriaId": "DC06E46F-441E-445B-A780-702B170901DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4532:*:*:*:*:*:*",
"matchCriteriaId": "A8A98287-DB5D-44A3-B835-54BACFC12944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4533:*:*:*:*:*:*",
"matchCriteriaId": "53F32DE7-F211-4BEF-99C1-CE38EFDBCCC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4535:*:*:*:*:*:*",
"matchCriteriaId": "91C3EE55-B71B-432C-A68E-BB126A715375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4536:*:*:*:*:*:*",
"matchCriteriaId": "FD48F21A-2D38-4EB8-B190-58CF176C1EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4537:*:*:*:*:*:*",
"matchCriteriaId": "76346162-0BF0-4B21-82D2-2548A989396A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4538:*:*:*:*:*:*",
"matchCriteriaId": "5313C4EF-A960-4BCA-AA97-EDC88402A175",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4282B6D-6C85-4F13-B789-E641FB5986FE",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*",
"matchCriteriaId": "A160274C-F07A-43D9-A4DB-8773F004B9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*",
"matchCriteriaId": "341DF953-3DC7-476E-A79D-8CBD011C52A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*",
"matchCriteriaId": "AB6582AC-03DB-4905-BD03-EEDC314EB289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*",
"matchCriteriaId": "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*",
"matchCriteriaId": "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*",
"matchCriteriaId": "1592B321-1D60-418D-9CD8-61AEA57D8D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*",
"matchCriteriaId": "E582FA9F-A043-4193-961D-A49159F1C921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*",
"matchCriteriaId": "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "28EAB920-2F01-483E-9492-97DBFBD7535F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*",
"matchCriteriaId": "37976BE2-4233-46F7-B6BB-EFA778442AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*",
"matchCriteriaId": "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*",
"matchCriteriaId": "C069FF04-4061-4560-BA55-1784312047A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*",
"matchCriteriaId": "0D428FA6-08BA-4F7E-B1C7-4AFD17919899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*",
"matchCriteriaId": "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*",
"matchCriteriaId": "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*",
"matchCriteriaId": "EF9477F5-C6FD-4589-917B-FD206371DB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*",
"matchCriteriaId": "8CB27467-3157-466A-B01C-461348BD95C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*",
"matchCriteriaId": "2D575B4D-D58A-4B92-9723-4AB54E29924A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*",
"matchCriteriaId": "E76BB070-9BC9-4712-B021-156871C3B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*",
"matchCriteriaId": "52D35850-9BE1-479A-B0AF-339E42BCA708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*",
"matchCriteriaId": "681A77B6-7E22-4132-803B-A0AD117CE7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4531:*:*:*:*:*:*",
"matchCriteriaId": "EF72A1BF-EE5D-4F43-B463-7E51285D4D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4532:*:*:*:*:*:*",
"matchCriteriaId": "2FDD429A-E938-483A-BCCF-50A2AD4096CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4533:*:*:*:*:*:*",
"matchCriteriaId": "162D604A-7F0E-44CF-9E48-D8B54F8F3509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4535:*:*:*:*:*:*",
"matchCriteriaId": "AD38FA0F-B94F-4731-A652-07702EE0B808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4536:*:*:*:*:*:*",
"matchCriteriaId": "F2C3767E-A56B-4580-AF8C-9BF5852EE414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4537:*:*:*:*:*:*",
"matchCriteriaId": "5434E8CB-8DD0-4245-AF61-CF3A69BD0C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4538:*:*:*:*:*:*",
"matchCriteriaId": "C2403DA1-FBF8-495E-B996-4060F6BE6EE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C9A012-AD39-45B2-BA3F-8D7180FC5390",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*",
"matchCriteriaId": "7C5E7CE6-F85E-49B2-9078-F661AA3723C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*",
"matchCriteriaId": "1194B4C2-FBF2-4015-B666-235897971DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*",
"matchCriteriaId": "4F5F0CA5-CEC3-4342-A7D1-3616C482B965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4403:*:*:*:*:*:*",
"matchCriteriaId": "B7B8A2F3-5F46-40B2-A4E7-118341443C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4404:*:*:*:*:*:*",
"matchCriteriaId": "767BF16D-8CD8-4E8A-9A3B-CB11EB48FB9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "658DC76D-E0FE-40FA-B966-6DA6ED531FCD",
"versionEndExcluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*",
"matchCriteriaId": "948993BE-7B9E-4CCB-A97F-28B46DFE52A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*",
"matchCriteriaId": "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*",
"matchCriteriaId": "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*",
"matchCriteriaId": "4C8B3F77-7886-4F80-B75A-59063C762307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*",
"matchCriteriaId": "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*",
"matchCriteriaId": "A708628C-31E8-4A52-AEF7-297E2DDFA0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*",
"matchCriteriaId": "A8A01385-A493-42C0-ABBE-6A30C8594F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*",
"matchCriteriaId": "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*",
"matchCriteriaId": "B6865936-A773-4353-8891-8269508B2180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*",
"matchCriteriaId": "9CAD778E-8FDB-4CE2-A593-75EEA75F6361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*",
"matchCriteriaId": "52A9BA64-A248-4490-BDA7-671D64C0B3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*",
"matchCriteriaId": "DFF0A7E8-888B-4CBE-B799-16557244DDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*",
"matchCriteriaId": "8B480202-7632-4CFA-A485-DDFF1D1DB757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*",
"matchCriteriaId": "AB9B0721-49FD-49E7-97E4-E4E3EBF64856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*",
"matchCriteriaId": "874F5DDD-EA8D-4C1E-824A-321C52959649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*",
"matchCriteriaId": "8CAA4713-DA95-46AC-AFA5-9D22F8819B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*",
"matchCriteriaId": "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*",
"matchCriteriaId": "832AAAAF-5C34-4DDF-96A4-080002F9BC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*",
"matchCriteriaId": "29ED63C4-FB06-41AC-ABCD-63B3233658A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*",
"matchCriteriaId": "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*",
"matchCriteriaId": "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*",
"matchCriteriaId": "51400F37-6310-44A3-A683-068DF64D20F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*",
"matchCriteriaId": "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*",
"matchCriteriaId": "78CB8751-856A-41AC-904A-70FA1E15A946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*",
"matchCriteriaId": "72B7E27E-1443-46DC-8389-FBD337E612F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*",
"matchCriteriaId": "F9BB1077-C1F5-4368-9930-8E7424E7EB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*",
"matchCriteriaId": "EE307CE4-574D-4FF7-BED6-5BBECF886578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6062:*:*:*:*:*:*",
"matchCriteriaId": "49E40C74-7077-4366-82A7-52B454725B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6070:*:*:*:*:*:*",
"matchCriteriaId": "038D7936-C837-4E49-89BC-D11DF2C875D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6071:*:*:*:*:*:*",
"matchCriteriaId": "D1DC87E8-3053-4823-BFDB-46BAF3FCEFF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6072:*:*:*:*:*:*",
"matchCriteriaId": "E384B5D8-CF9A-4C6D-AB4A-5B1A66768ADB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC606E6A-3523-41D5-94C9-A62E8630A687",
"versionEndExcluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*",
"matchCriteriaId": "7001A0A7-159C-48A3-9800-DAFBA31D05BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*",
"matchCriteriaId": "583B46D4-529F-404F-9CF3-4D7526889682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*",
"matchCriteriaId": "0D89C2A2-CE20-4954-8821-C73F9E3EC767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*",
"matchCriteriaId": "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*",
"matchCriteriaId": "233874F0-A19F-447C-ACE2-5DD06829C920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*",
"matchCriteriaId": "C4447E47-C6DB-440D-AF35-8130687E9BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*",
"matchCriteriaId": "405ECB05-7E35-4927-A19A-92A4B7FE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*",
"matchCriteriaId": "9F1EC2A5-7498-40F9-91A4-B004AEA1136C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*",
"matchCriteriaId": "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*",
"matchCriteriaId": "DD3B14B6-8329-43C4-AE42-13279E77275E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*",
"matchCriteriaId": "7792B448-4D34-42F8-919C-344783D625E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*",
"matchCriteriaId": "E297C040-0523-4A50-97AB-349880D5B3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*",
"matchCriteriaId": "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*",
"matchCriteriaId": "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*",
"matchCriteriaId": "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*",
"matchCriteriaId": "6E0C9493-EB87-4197-AF8B-BCA25488BCDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*",
"matchCriteriaId": "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*",
"matchCriteriaId": "FBD7855F-4B66-4F43-960C-73E69C52E865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*",
"matchCriteriaId": "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*",
"matchCriteriaId": "36A68C2E-978A-4F82-AC61-E9E7CA9908A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4046:*:*:*:*:*:*",
"matchCriteriaId": "6C8D7EA7-7CC3-48B0-B966-71A69FDE6A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4047:*:*:*:*:*:*",
"matchCriteriaId": "05D804B6-5990-42A7-A072-8F904A5262E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4048:*:*:*:*:*:*",
"matchCriteriaId": "0C720653-317E-4B1C-AFA8-90FAE97430C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90001:*:*:*:*:*:*",
"matchCriteriaId": "A9C350FA-E483-4C06-A784-5679ED0471BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90063:*:*:*:*:*:*",
"matchCriteriaId": "15A47AA7-8B49-41EC-AB57-5706989DF756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90064:*:*:*:*:*:*",
"matchCriteriaId": "D1CCB7C8-86B9-4DA8-93D0-F96B81C82F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90065:*:*:*:*:*:*",
"matchCriteriaId": "397140D3-2424-42D9-9900-625EC4E95D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90066:*:*:*:*:*:*",
"matchCriteriaId": "BA8C9A27-572E-407F-826A-1206394044D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90067:*:*:*:*:*:*",
"matchCriteriaId": "7601CC24-FC2D-4805-A975-2D307DECDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90068:*:*:*:*:*:*",
"matchCriteriaId": "A513B136-7DC5-48DD-BDCB-1620A14849B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90069:*:*:*:*:*:*",
"matchCriteriaId": "0858CFDE-7D76-4A63-BE21-A73310AD17BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90070:*:*:*:*:*:*",
"matchCriteriaId": "1BD8F9F8-89EB-422E-A4B1-E715AFD72341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90071:*:*:*:*:*:*",
"matchCriteriaId": "E0271D12-94E8-4345-9666-4A47A5AAB824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90072:*:*:*:*:*:*",
"matchCriteriaId": "513337E6-D805-461B-812F-D6EEA0921883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90073:*:*:*:*:*:*",
"matchCriteriaId": "8EB5C610-33AC-486C-AF48-4A889D429420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90074:*:*:*:*:*:*",
"matchCriteriaId": "81FC1ED5-99FF-4C30-BCE0-5CDC7A5E4C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90075:*:*:*:*:*:*",
"matchCriteriaId": "EA473C80-4100-4170-9601-8C9EEB5F64CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90076:*:*:*:*:*:*",
"matchCriteriaId": "5D2C41A7-1602-43CD-9E6D-A0178931C020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90077:*:*:*:*:*:*",
"matchCriteriaId": "238E3508-0230-441E-8114-6EEB79E22632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90078:*:*:*:*:*:*",
"matchCriteriaId": "2C85C7DB-BC46-4D0A-8353-C2DB51BFFD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90079:*:*:*:*:*:*",
"matchCriteriaId": "0BAAFCD6-5945-46BE-9380-5C2F79060B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90080:*:*:*:*:*:*",
"matchCriteriaId": "B6E108C0-075A-493D-B8AE-343D81BEC9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90081:*:*:*:*:*:*",
"matchCriteriaId": "CA614153-4E29-45AB-BBC2-9BA0CDAD4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90082:*:*:*:*:*:*",
"matchCriteriaId": "F95B1920-005C-494C-A9A9-C72502E45723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90083:*:*:*:*:*:*",
"matchCriteriaId": "DA3C51B7-B8A0-42F4-ADC9-C949B610EE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90084:*:*:*:*:*:*",
"matchCriteriaId": "180D4816-E5D0-406B-B289-4B1984250B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90085:*:*:*:*:*:*",
"matchCriteriaId": "57883D51-1188-4C14-B2EF-26FD4B156526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90086:*:*:*:*:*:*",
"matchCriteriaId": "D5A59B7E-74CF-425F-B814-313D5F1F7670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90087:*:*:*:*:*:*",
"matchCriteriaId": "327F6B11-9176-4791-96D0-FAD8EBE9D5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90088:*:*:*:*:*:*",
"matchCriteriaId": "5E057023-0175-4DB5-98A4-942FB81AF59A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90089:*:*:*:*:*:*",
"matchCriteriaId": "28E12A60-CEB6-46BD-A4E8-48651A651E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90090:*:*:*:*:*:*",
"matchCriteriaId": "25FA111C-01EA-49CA-BF67-A8C8C9A6E415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90091:*:*:*:*:*:*",
"matchCriteriaId": "855DD295-DB63-4AF1-8C5A-0904BF049658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90092:*:*:*:*:*:*",
"matchCriteriaId": "CDFE095C-C659-44BE-9740-C8B712165912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90093:*:*:*:*:*:*",
"matchCriteriaId": "FFB28D66-83BF-4685-9015-0B30021C59C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90094:*:*:*:*:*:*",
"matchCriteriaId": "9B82AA92-96B6-4841-BAC0-AA1487CBEB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90095:*:*:*:*:*:*",
"matchCriteriaId": "81A65567-42E6-416B-8FB0-2571FDF60207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90096:*:*:*:*:*:*",
"matchCriteriaId": "2193F4C6-5679-487B-82B8-C55A874ED5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90097:*:*:*:*:*:*",
"matchCriteriaId": "124CB5EC-44C1-4136-B495-053F2299E59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90098:*:*:*:*:*:*",
"matchCriteriaId": "A183735E-12AF-4692-A228-FE3B1169ABBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90099:*:*:*:*:*:*",
"matchCriteriaId": "3C1C57BB-73A7-4B48-B99C-A18E1CE55553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90100:*:*:*:*:*:*",
"matchCriteriaId": "020F4E45-45D2-4F1A-BAF8-8C61F45F5770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90101:*:*:*:*:*:*",
"matchCriteriaId": "039F68D9-A36A-44BE-A457-790ECCB20FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90102:*:*:*:*:*:*",
"matchCriteriaId": "23BDB028-FCCE-4A9D-887B-6A6F8166CFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90103:*:*:*:*:*:*",
"matchCriteriaId": "5210BAA8-2ECC-49AA-8408-815433DC28D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90104:*:*:*:*:*:*",
"matchCriteriaId": "C8DC19CC-3F95-4753-8037-FB627D1D6167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90105:*:*:*:*:*:*",
"matchCriteriaId": "93F07AFE-4E9A-4001-A17A-606A7B5E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90106:*:*:*:*:*:*",
"matchCriteriaId": "06B25C38-DE86-4F3E-918E-BC70FCC0054B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90107:*:*:*:*:*:*",
"matchCriteriaId": "E3F2E0E6-01D2-418D-872E-B117259E990F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90108:*:*:*:*:*:*",
"matchCriteriaId": "41D80E46-35FE-45E5-96D6-28691C0847DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90109:*:*:*:*:*:*",
"matchCriteriaId": "4D7768DA-1111-4557-A0D6-D3A74AC7FA54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90110:*:*:*:*:*:*",
"matchCriteriaId": "B3001463-3729-4216-B420-602A11C74244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90111:*:*:*:*:*:*",
"matchCriteriaId": "9A68EC19-3A57-41C4-90FA-CB1BF20EB8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90112:*:*:*:*:*:*",
"matchCriteriaId": "193913B2-25D1-4779-B7E6-ACC5992AFC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90113:*:*:*:*:*:*",
"matchCriteriaId": "E7AA77AA-E00E-4125-A698-12B30434F632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90114:*:*:*:*:*:*",
"matchCriteriaId": "229FBCFC-2810-44D1-9687-A7C060F6F9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90115:*:*:*:*:*:*",
"matchCriteriaId": "99C3BBC2-F1D3-4873-A8FB-1B79A2163F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90116:*:*:*:*:*:*",
"matchCriteriaId": "4A06EF86-915C-4D09-965B-3A9D4DFC96B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90117:*:*:*:*:*:*",
"matchCriteriaId": "3D67F80D-E999-4E46-8386-8122DC17DBCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90118:*:*:*:*:*:*",
"matchCriteriaId": "2593B38A-1281-41C9-B065-E6EFDF6BD71C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90119:*:*:*:*:*:*",
"matchCriteriaId": "B61541E8-5818-475B-9E54-C45C71C14A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90120:*:*:*:*:*:*",
"matchCriteriaId": "84DE1BA0-8C36-44DF-91A0-96EA6EF736D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90121:*:*:*:*:*:*",
"matchCriteriaId": "BB2F2DEA-5E03-442E-A46B-B6C218BF3273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90122:*:*:*:*:*:*",
"matchCriteriaId": "CCEFA415-47D7-4DA2-B541-DD0B67AF30A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90123:*:*:*:*:*:*",
"matchCriteriaId": "B147B06A-969E-4541-A863-DF4045D39527",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B20C46B3-C23E-42AF-BA81-117B8541171B",
"versionEndExcluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90012:*:*:*:*:*:*",
"matchCriteriaId": "A897E8C8-6058-4BEC-BF00-3E8614238E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90013:*:*:*:*:*:*",
"matchCriteriaId": "8B39A3B3-5B9E-4B31-9CE2-3625EA9C9AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90014:*:*:*:*:*:*",
"matchCriteriaId": "FBF5AF44-E30B-4948-B0E2-42EE062DC3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90015:*:*:*:*:*:*",
"matchCriteriaId": "356F078A-9887-423A-8BA7-74201DE109F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90016:*:*:*:*:*:*",
"matchCriteriaId": "9B8887A3-14C6-4DFB-9EBF-35966B4E6158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90017:*:*:*:*:*:*",
"matchCriteriaId": "3A0FE6B3-E037-45F4-A907-51CD99E7B8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90018:*:*:*:*:*:*",
"matchCriteriaId": "250CFA85-89C5-4F75-AF0F-BEA9C816E54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90019:*:*:*:*:*:*",
"matchCriteriaId": "85B8B8F4-951D-446C-A8F8-EEBDC385D83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90020:*:*:*:*:*:*",
"matchCriteriaId": "288C8246-7367-4D10-A0D4-5426B7EA17A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90021:*:*:*:*:*:*",
"matchCriteriaId": "59326535-A08E-4588-BAB8-9DF094FB61F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90022:*:*:*:*:*:*",
"matchCriteriaId": "077B9DBD-190C-4F20-BD3A-64D6887B7930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90030:*:*:*:*:*:*",
"matchCriteriaId": "0587320F-C57E-41F7-B31F-1EA52ED234B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90031:*:*:*:*:*:*",
"matchCriteriaId": "0911BEEC-A6E4-440C-8217-A7FAAC1D3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90032:*:*:*:*:*:*",
"matchCriteriaId": "A9D9805F-4F6B-4A15-A444-3B6538BCDDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90033:*:*:*:*:*:*",
"matchCriteriaId": "48901205-BDE9-4CBA-9E3B-779D949CBF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90034:*:*:*:*:*:*",
"matchCriteriaId": "69539391-6C6A-498A-B952-D4F12C2FEC4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90035:*:*:*:*:*:*",
"matchCriteriaId": "4A36B8AA-987B-4112-8B67-5BC306F9CF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90036:*:*:*:*:*:*",
"matchCriteriaId": "96E9422A-CA9D-4BC8-90DB-3E3A1966E94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90041:*:*:*:*:*:*",
"matchCriteriaId": "11A2E17D-3B33-4531-B78B-156BC2C7E53A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90042:*:*:*:*:*:*",
"matchCriteriaId": "4C34129B-5A15-4BE9-BB15-66101A5EAB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90043:*:*:*:*:*:*",
"matchCriteriaId": "DA9A87D7-0707-4321-B5D2-2B4CBC66E838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90044:*:*:*:*:*:*",
"matchCriteriaId": "C2C06D73-9BEA-4604-BE73-3CE8A2DDD52A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90056:*:*:*:*:*:*",
"matchCriteriaId": "DAA7B941-6FE6-45CA-931D-6414DFEA9B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90057:*:*:*:*:*:*",
"matchCriteriaId": "F7EEEF6C-DD29-4E6F-BED7-AE10184C2F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90058:*:*:*:*:*:*",
"matchCriteriaId": "D36AD9EC-82D0-451B-ADD4-1EEC0FDC389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90072:*:*:*:*:*:*",
"matchCriteriaId": "F68164FC-9A09-4145-97B8-99EE5532E6E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90074:*:*:*:*:*:*",
"matchCriteriaId": "2FB5646D-11C7-4878-9471-4F6D483CE979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90075:*:*:*:*:*:*",
"matchCriteriaId": "BBC0A0C3-C33E-46E9-A099-A5A66F576138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90076:*:*:*:*:*:*",
"matchCriteriaId": "76584957-0388-4421-8336-75EE90D00349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90077:*:*:*:*:*:*",
"matchCriteriaId": "05C542D5-7E3A-46E2-8CB6-A13159EFA4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90078:*:*:*:*:*:*",
"matchCriteriaId": "7E7BF415-29D3-4BD0-8613-317D7EC7C992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90079:*:*:*:*:*:*",
"matchCriteriaId": "7F046602-4595-48C8-83F5-A43FD501003F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90080:*:*:*:*:*:*",
"matchCriteriaId": "FC5B464F-D327-4181-A911-2E3683B914B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90081:*:*:*:*:*:*",
"matchCriteriaId": "025D8F22-968F-44B6-83E1-13DAB7A514A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90082:*:*:*:*:*:*",
"matchCriteriaId": "F9F60549-59CE-47D0-BF2A-91B84A0B1984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90083:*:*:*:*:*:*",
"matchCriteriaId": "6F982139-0EDC-411C-A074-A29963DCA328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90084:*:*:*:*:*:*",
"matchCriteriaId": "FBED4ED7-E991-48D0-AE27-71F9DEA5EDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90085:*:*:*:*:*:*",
"matchCriteriaId": "8C6BE721-D851-406E-9AAF-01F9A9E15ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90086:*:*:*:*:*:*",
"matchCriteriaId": "F1D6E935-53D3-462D-9DD8-91BFEC90BB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90087:*:*:*:*:*:*",
"matchCriteriaId": "E580F0AB-B840-4293-8639-4B7DD7981EAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90088:*:*:*:*:*:*",
"matchCriteriaId": "2CC8FE34-A5C9-4EF7-AA05-BEE403AB3B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90090:*:*:*:*:*:*",
"matchCriteriaId": "A80444F6-755F-4FE3-96B3-744A842D40AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0026FC79-6554-4B68-89EB-D7A8422C7406",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "94F878CC-E691-41E9-A90D-72EA25038963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*",
"matchCriteriaId": "6D1EA156-BD95-4AAA-B688-0CD62CCDB60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*",
"matchCriteriaId": "8033E51C-D261-4A12-96CD-AE1F13BFD2AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*",
"matchCriteriaId": "9EE1E1E6-ED1C-443A-A576-AD47D65082B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*",
"matchCriteriaId": "3E283214-CE6A-4CD6-9E9B-7BF09C37447D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "8FF84A5E-C43B-4637-B725-1087D2057EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*",
"matchCriteriaId": "25AEF257-E1C1-4DFD-9EC0-9B2AC3920CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*",
"matchCriteriaId": "46E32091-F91D-4706-A4F9-DC658CF36A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*",
"matchCriteriaId": "AC7D1106-6708-4A84-A077-286376C72AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*",
"matchCriteriaId": "071B3368-D7C2-4EE1-808F-1F4A3C3A4756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*",
"matchCriteriaId": "4E9D5882-91D6-4E9D-AD8B-F3861D987826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*",
"matchCriteriaId": "17931D40-369C-430F-B5ED-FAF69FAA0E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*",
"matchCriteriaId": "02B4D022-BC43-4041-BA2B-60A6D42AD150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*",
"matchCriteriaId": "15FFD3F7-CB9F-4FB1-9F2C-CFDAE7E46FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "5ED17849-BC14-4996-9DF9-7645B1E17374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*",
"matchCriteriaId": "D91F6CC5-EDBE-420F-8871-03B8D10254B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*",
"matchCriteriaId": "E82C682C-9F61-45B7-B934-8D6DDBA792AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*",
"matchCriteriaId": "2FC7728B-9FFC-4A8F-BE24-926B8C2823AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "78BE6CCE-706E-436B-A6E6-26E7D044B209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*",
"matchCriteriaId": "8BD54A67-C531-4642-90D4-C6E402D55AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*",
"matchCriteriaId": "9DF164BD-EF39-42E2-807D-F298D68A8D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*",
"matchCriteriaId": "5D85766D-1BAC-4477-96D6-EA989D392128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*",
"matchCriteriaId": "CE99520F-C8F3-46EA-9BBA-AAE2AB4AB8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*",
"matchCriteriaId": "16D8A8F6-8BC3-438D-BF8B-9E2B46ECBF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*",
"matchCriteriaId": "F3D18E27-EE06-4555-A675-1BAC7D3DD8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*",
"matchCriteriaId": "0FEFDFF7-5538-4C53-922A-A5E71A0D643E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*",
"matchCriteriaId": "02463016-7156-470F-8535-EF4C7E150546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*",
"matchCriteriaId": "8DEB616C-2DDC-4138-B6FC-8B2680D35485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*",
"matchCriteriaId": "D51E7B22-9293-4086-B143-2D279597A5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*",
"matchCriteriaId": "BB4D8585-6109-45C0-94B4-667D11F0509F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*",
"matchCriteriaId": "97CB62BA-09FA-446D-A8CF-958980B67F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*",
"matchCriteriaId": "F871111C-4B61-4C50-ABDA-78D8D988DCD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*",
"matchCriteriaId": "9950CFB9-FCDE-4696-97AF-251467270375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*",
"matchCriteriaId": "B674CFD8-6AE7-420A-BD7A-DD7A068CA5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*",
"matchCriteriaId": "56BCA911-733C-4F8C-B3CD-22F3E6CA1F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*",
"matchCriteriaId": "A1281E75-AC6D-4077-9207-7CA7E5BCB1CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*",
"matchCriteriaId": "CC052CBA-2B37-4E84-978D-36185EE1A3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "72CC7428-8DD0-45DB-8D80-C02CD9B6CB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*",
"matchCriteriaId": "0C1691B0-FA38-4A29-8D49-D99A675C122A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*",
"matchCriteriaId": "194ACE61-101D-40C3-9377-12039533AB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*",
"matchCriteriaId": "86428D44-03BC-4528-ADB5-3AC05231759D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*",
"matchCriteriaId": "B694D0FC-320A-44F9-9FFB-0706CDD3004C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*",
"matchCriteriaId": "BE298317-10EE-4A34-B4D0-8D03B727A75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*",
"matchCriteriaId": "B0A1B243-163D-461B-BEAB-81E6E2DB36EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*",
"matchCriteriaId": "5E86C3A0-700E-4CB2-AFDC-F203C61D413C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*",
"matchCriteriaId": "A550184D-13BD-4F2A-9DE5-AC66B496FFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*",
"matchCriteriaId": "538BCF38-69B6-4686-B1F1-82B10175CCBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*",
"matchCriteriaId": "F29A6AE3-B864-4552-9BE9-074CB6935B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "7CD2AB8D-F638-48E0-A5D6-1E969F9998B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "76528168-A54D-4398-B558-6DC27ACCBFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*",
"matchCriteriaId": "6C1DCA3B-41B8-402B-B5E8-2C3494C36B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*",
"matchCriteriaId": "531A9E5C-9C45-4982-8ADE-5B41CE5F5B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*",
"matchCriteriaId": "FA70F031-A7EF-49F5-A1F6-C3DD33198D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*",
"matchCriteriaId": "5DF093BF-830B-4C9A-A4B2-41C7811E4EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*",
"matchCriteriaId": "AB64E7D3-D835-4F46-BD81-6B59CF7EB9F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*",
"matchCriteriaId": "A2176672-0E34-4B46-9202-483F1D315836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*",
"matchCriteriaId": "FBD2726E-4AAA-4E7D-A8E7-89DB875E7E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "94AF723B-F1B7-44A8-B654-7C10881A6AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125233:*:*:*:*:*:*",
"matchCriteriaId": "0C65E8BE-968F-4AB8-BD3F-A123C66E576A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125312:*:*:*:*:*:*",
"matchCriteriaId": "9A4C70B1-A902-4835-BFFC-692CA91C1317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "06FE113C-94B6-419B-8AA0-767EA74D11ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125324:*:*:*:*:*:*",
"matchCriteriaId": "C30413D5-7F5B-47EE-825E-CEEF69DAC5B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125326:*:*:*:*:*:*",
"matchCriteriaId": "57DA6C66-3235-4923-89D0-EF093FF4126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125328:*:*:*:*:*:*",
"matchCriteriaId": "82307372-C2CF-4E19-9D1D-7D33FCCE8F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "A5289D80-1C75-4819-B615-8259B25B1E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125340:*:*:*:*:*:*",
"matchCriteriaId": "25CC8F8B-9072-41E3-8045-25D12EE22427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125341:*:*:*:*:*:*",
"matchCriteriaId": "6000E214-BF19-469C-A7CA-CC91465B2CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125342:*:*:*:*:*:*",
"matchCriteriaId": "1AA9EA4B-DD82-46E7-9C44-77AC076F61CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125343:*:*:*:*:*:*",
"matchCriteriaId": "50E697EA-0A78-477D-B726-AC54EE868244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125344:*:*:*:*:*:*",
"matchCriteriaId": "E64AAB62-43C4-4284-B2AA-1DC55B972803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125346:*:*:*:*:*:*",
"matchCriteriaId": "E3A43E19-D06D-4856-AA55-02B8148EAB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125358:*:*:*:*:*:*",
"matchCriteriaId": "310C491E-92CE-4EE8-9CDE-70640DE9CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125359:*:*:*:*:*:*",
"matchCriteriaId": "A82217B5-0A11-4BE6-ACEF-991B2DFE53D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125360:*:*:*:*:*:*",
"matchCriteriaId": "7C69DA1F-F0A3-4E9F-96E2-F7A4E9B876C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125361:*:*:*:*:*:*",
"matchCriteriaId": "033944E6-8A01-4566-81C4-2B76F10C2839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "3D969C61-1F9A-4B97-B6DA-04F84E3E2936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125364:*:*:*:*:*:*",
"matchCriteriaId": "9984754B-1FA5-4CDF-AFC3-BD97C6C6B177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125366:*:*:*:*:*:*",
"matchCriteriaId": "718427DB-57A7-4AB0-AA4C-7716E5A5F084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125367:*:*:*:*:*:*",
"matchCriteriaId": "CD43B869-6A7F-461D-A870-448C91FB7A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125375:*:*:*:*:*:*",
"matchCriteriaId": "98DD8376-4B21-4024-878D-DB74D1FF7A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125376:*:*:*:*:*:*",
"matchCriteriaId": "5E8B8FBA-39ED-4E7A-AA1C-A6C15E8C92B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125377:*:*:*:*:*:*",
"matchCriteriaId": "4742B198-8630-4A45-AE87-6731BF56081A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125378:*:*:*:*:*:*",
"matchCriteriaId": "3782ABA4-5247-4349-8CD8-BCE85B98D44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125379:*:*:*:*:*:*",
"matchCriteriaId": "C39E5DB9-1B75-4204-9B24-70F6294F1F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125380:*:*:*:*:*:*",
"matchCriteriaId": "F9459981-3E65-489C-9A70-B582EC9C8BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "BF90B539-9180-4A96-9E2F-F35DCA6DD720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125382:*:*:*:*:*:*",
"matchCriteriaId": "2A6D1150-602E-4006-9F6B-10C6649AC05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125386:*:*:*:*:*:*",
"matchCriteriaId": "FB168E3D-63AB-45D7-AAC1-2D01CD6956F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125392:*:*:*:*:*:*",
"matchCriteriaId": "B8DCEAE6-AAE6-40B0-83B2-A579A6BF9854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125393:*:*:*:*:*:*",
"matchCriteriaId": "FCFEA624-968F-4A0F-969D-2190B1269EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125394:*:*:*:*:*:*",
"matchCriteriaId": "64F9D21C-AC05-4629-864F-85AFA3789739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125397:*:*:*:*:*:*",
"matchCriteriaId": "07E47F97-63EC-4BF1-AE54-3B510B66202D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125398:*:*:*:*:*:*",
"matchCriteriaId": "160765FF-9A56-4072-9580-C6DCB573B061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "F1EE56C3-5F42-4D2C-AEC0-035078DAE445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125405:*:*:*:*:*:*",
"matchCriteriaId": "16593100-F288-4013-BF48-48CA482FC62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125410:*:*:*:*:*:*",
"matchCriteriaId": "5BCA02F3-EF72-4F28-9ABB-D75EB6CE3338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125411:*:*:*:*:*:*",
"matchCriteriaId": "D8052948-7F5B-4E63-B1B7-B244D6A0AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125413:*:*:*:*:*:*",
"matchCriteriaId": "B6359934-CA70-4A8A-99E5-806555900EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125414:*:*:*:*:*:*",
"matchCriteriaId": "83BAAE61-540D-4E36-8B63-2438EC3B1479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125415:*:*:*:*:*:*",
"matchCriteriaId": "008A2BF2-E18B-492F-9DFF-19618F998664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125416:*:*:*:*:*:*",
"matchCriteriaId": "5023E77A-908C-41AE-ADC7-580F44ADC376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125417:*:*:*:*:*:*",
"matchCriteriaId": "797D16E7-484D-4793-9040-74B815DC52B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125420:*:*:*:*:*:*",
"matchCriteriaId": "7D923373-B575-44C8-9B4D-DB824EC59B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125428:*:*:*:*:*:*",
"matchCriteriaId": "B88917EC-3ABB-475E-B374-272CE5272D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125430:*:*:*:*:*:*",
"matchCriteriaId": "BD457A1B-023A-42CF-ADED-648A061AAAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125431:*:*:*:*:*:*",
"matchCriteriaId": "9B9E22A4-676A-4D75-850F-15E5EC9A2911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125432:*:*:*:*:*:*",
"matchCriteriaId": "4E6BA9C0-59DB-49E5-826E-1CA885FA28CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125433:*:*:*:*:*:*",
"matchCriteriaId": "95715B71-FA63-40A2-9EA6-56250318FC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125434:*:*:*:*:*:*",
"matchCriteriaId": "2591F23D-DB1F-44B0-B67A-13483408DE4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125437:*:*:*:*:*:*",
"matchCriteriaId": "E4F035FB-54A9-47C0-8896-174A742E23B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125446:*:*:*:*:*:*",
"matchCriteriaId": "34B52052-FBFC-4803-B999-448A9385B613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125448:*:*:*:*:*:*",
"matchCriteriaId": "A1F97594-BF89-4B5D-B1CE-706708891450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125450:*:*:*:*:*:*",
"matchCriteriaId": "A436DAC3-05F7-48DE-A2E2-0084AE31D9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125451:*:*:*:*:*:*",
"matchCriteriaId": "544961BA-03CA-49D6-AB7C-CFF597B3BB8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125452:*:*:*:*:*:*",
"matchCriteriaId": "9CDBD0CB-8495-44A1-BF9B-29A195D9F718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125453:*:*:*:*:*:*",
"matchCriteriaId": "73B5365C-92ED-41CC-9B05-8BB1FE21F3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125455:*:*:*:*:*:*",
"matchCriteriaId": "B652092E-570C-4D4E-A133-627426C50F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125456:*:*:*:*:*:*",
"matchCriteriaId": "DC13FB20-119C-47F9-870D-399811661896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125457:*:*:*:*:*:*",
"matchCriteriaId": "BC457292-04FE-4643-8F1D-05DAEF3F70BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125466:*:*:*:*:*:*",
"matchCriteriaId": "29CBDA2B-5A6A-4DB0-AC37-EAD8E05B55BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "CD266A0D-E726-4BC7-B3B9-6E3176415188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125468:*:*:*:*:*:*",
"matchCriteriaId": "046B7B6F-85DE-4BDB-8860-ECA208C4D697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125469:*:*:*:*:*:*",
"matchCriteriaId": "C60E51D9-A842-49FF-8793-84C074DBE5EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125470:*:*:*:*:*:*",
"matchCriteriaId": "753B2FC9-342B-4456-85D9-27734BE7C6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125476:*:*:*:*:*:*",
"matchCriteriaId": "BE930B14-4B22-4299-8DE8-7625342FC4E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "45B93007-AD6A-4978-9752-41DF72D34A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "863CBACB-F9A3-44AC-B795-C2C0EB5C9E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "AB28B644-BFD0-4588-B544-A139B26DDDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125486:*:*:*:*:*:*",
"matchCriteriaId": "944F7C2F-53D4-4933-BD63-DF15C5A5CD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125487:*:*:*:*:*:*",
"matchCriteriaId": "F6D0F0D1-7DF5-4C8D-9B31-B347E5A567DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "870A721F-2991-4041-AB1D-DE3D953B8669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125489:*:*:*:*:*:*",
"matchCriteriaId": "4F7FC0E5-8D0D-45CF-AEFA-180B79BC8B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125567:*:*:*:*:*:*",
"matchCriteriaId": "7D394493-D690-44F0-B3F0-FD39E46F31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "AF8CBF57-EF1A-4C84-879B-1A4035F4236A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125587:*:*:*:*:*:*",
"matchCriteriaId": "2F1E924E-8896-41CE-82E2-F22943A02FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125588:*:*:*:*:*:*",
"matchCriteriaId": "FB058840-E3D0-45FA-B95F-3445A7719118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125589:*:*:*:*:*:*",
"matchCriteriaId": "FD9B23C4-3458-4E6C-B1AB-D4A36BE8FFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125597:*:*:*:*:*:*",
"matchCriteriaId": "D2A7AA89-7233-4624-894A-B2B996D1D270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125598:*:*:*:*:*:*",
"matchCriteriaId": "B6B402ED-8B64-4FB0-B9E7-76E499A4115F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125599:*:*:*:*:*:*",
"matchCriteriaId": "4E8B01F2-0A03-48CF-8BAE-556A9C3D88FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125601:*:*:*:*:*:*",
"matchCriteriaId": "3C07E022-B75C-4491-8A30-9A1532D0472C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125603:*:*:*:*:*:*",
"matchCriteriaId": "00E92DB5-8D53-4129-92D0-AD1DA0F1FEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125604:*:*:*:*:*:*",
"matchCriteriaId": "913CD99C-8F47-47BD-BD7C-33762861BB08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125605:*:*:*:*:*:*",
"matchCriteriaId": "67B7F52E-7D7A-4AA9-9241-FFCC3DD49BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125611:*:*:*:*:*:*",
"matchCriteriaId": "D02650C3-1A7F-4889-B6CB-11994054B5F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125612:*:*:*:*:*:*",
"matchCriteriaId": "01FEA1CA-351B-4E2B-A78E-60338682F97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125613:*:*:*:*:*:*",
"matchCriteriaId": "04C9E097-FE04-42BD-96C8-2A3A9FD50B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125614:*:*:*:*:*:*",
"matchCriteriaId": "94F895DB-C865-4AED-A1D9-CE69C0EF52FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "8B565B12-283F-4323-9C88-FD3CF5646DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125616:*:*:*:*:*:*",
"matchCriteriaId": "9FDC3394-293E-44CF-A83F-FE047A4E4DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125617:*:*:*:*:*:*",
"matchCriteriaId": "01846F8F-D7D6-4CD9-B83E-41B70C691761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125628:*:*:*:*:*:*",
"matchCriteriaId": "CAE013FC-357D-42DA-B223-D40B3C813089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125629:*:*:*:*:*:*",
"matchCriteriaId": "E4BA87E9-5E37-41EE-835C-13F68ABC9C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125630:*:*:*:*:*:*",
"matchCriteriaId": "D2034E17-2DB9-4229-B7D4-D14761CEE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125631:*:*:*:*:*:*",
"matchCriteriaId": "39FBAFB9-5703-4EEA-BFF3-45B958E0805F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93A02A7E-02A8-4B74-AA9F-3DA0492748EF",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "24B04D73-0C55-49A8-B599-27C8C04948C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127001:*:*:*:*:*:*",
"matchCriteriaId": "97E74846-1666-4773-910D-77E0E19A7FCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127002:*:*:*:*:*:*",
"matchCriteriaId": "BB90B809-9D97-469F-B8F6-41B4AEAA2D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127003:*:*:*:*:*:*",
"matchCriteriaId": "423C8618-9F3B-4B83-902C-FF01027EC54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127004:*:*:*:*:*:*",
"matchCriteriaId": "7E974B56-7A00-4582-AF8B-0D09B94477BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127100:*:*:*:*:*:*",
"matchCriteriaId": "7B6F8404-F624-41AA-BE8D-170D843EC290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "D0FF81E5-2134-4F45-9B39-2E3D5208BB80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127102:*:*:*:*:*:*",
"matchCriteriaId": "0D5DA95F-7C0F-4D05-BD35-DED356D01692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127103:*:*:*:*:*:*",
"matchCriteriaId": "2B3A3EC3-DF7C-41A6-884C-C7C13D41B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127104:*:*:*:*:*:*",
"matchCriteriaId": "89EE3E31-8F55-4E44-8522-A32D6887AE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127109:*:*:*:*:*:*",
"matchCriteriaId": "979ED7B4-FAE3-4E98-A303-290E498FFD81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127116:*:*:*:*:*:*",
"matchCriteriaId": "EDC62E2F-AB97-4008-A52B-9CDC341A06BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127117:*:*:*:*:*:*",
"matchCriteriaId": "93DF7023-22AE-4A84-8734-06239013C10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127118:*:*:*:*:*:*",
"matchCriteriaId": "2A128BED-75FA-42F1-9171-CBAEAA2366A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127119:*:*:*:*:*:*",
"matchCriteriaId": "5298BB50-8E22-490A-87C7-7F40B7F8F7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127120:*:*:*:*:*:*",
"matchCriteriaId": "39C34F02-E413-4067-B958-86ADF89FA3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127122:*:*:*:*:*:*",
"matchCriteriaId": "A0673E69-A2DB-424C-BBF0-79D729230F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127123:*:*:*:*:*:*",
"matchCriteriaId": "4F062A20-6FFE-479B-9E64-E4771490B041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "C598244E-7483-4762-AC27-BD8036FEFE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127133:*:*:*:*:*:*",
"matchCriteriaId": "B188A792-EF1A-4292-BD91-47635706C430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127134:*:*:*:*:*:*",
"matchCriteriaId": "BEFACD7A-D81B-4EDC-9E38-FD93FA0DE456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127136:*:*:*:*:*:*",
"matchCriteriaId": "DF818138-079A-43BE-A8B5-5DA47FA443AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127138:*:*:*:*:*:*",
"matchCriteriaId": "27066A8F-75C4-42BF-A54B-543114B92995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127140:*:*:*:*:*:*",
"matchCriteriaId": "A239C6F8-3FC0-4510-B33F-14B25908E68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127141:*:*:*:*:*:*",
"matchCriteriaId": "E8399E84-1344-4472-91F3-F63255911876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127185:*:*:*:*:*:*",
"matchCriteriaId": "8888C77E-04A7-4C34-B497-504F6217E07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127186:*:*:*:*:*:*",
"matchCriteriaId": "7502D92A-3B51-4A76-88D6-E2D76A584075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "7E465A5F-C8B0-4AD0-8D6D-4823C5F8153D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127188:*:*:*:*:*:*",
"matchCriteriaId": "DBA622D6-CD85-4F0F-8CC3-39FE29754039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127189:*:*:*:*:*:*",
"matchCriteriaId": "A0D2828B-B897-4F1D-B657-436DB3CAC2FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127191:*:*:*:*:*:*",
"matchCriteriaId": "98279B6E-8361-45CA-8912-F06972F4BD1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127240:*:*:*:*:*:*",
"matchCriteriaId": "A7D879C8-E89F-45C1-9609-80B737080AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127241:*:*:*:*:*:*",
"matchCriteriaId": "3D8FD2DE-18D9-4F50-9256-672435059876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127242:*:*:*:*:*:*",
"matchCriteriaId": "F01FEA58-BE5B-4CEC-831D-3BF05A20688D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "039C6DE6-DEA2-42E9-AE55-322E8E6B048C",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "55EA00B6-DE5D-4DE4-85AC-38A1216B4923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "BC4DF055-45CD-4B83-A7BA-59D6E46BD4D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125119:*:*:*:*:*:*",
"matchCriteriaId": "F9B51EF5-800F-446B-9F2D-47D45445E73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "C4C2087D-1B7B-4DA4-8288-D5366BC9735F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "B8FE0307-3CA7-445E-BA42-27D65C298E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125129:*:*:*:*:*:*",
"matchCriteriaId": "F6F9CB58-3B55-4E6F-AE24-D16552EE3614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125138:*:*:*:*:*:*",
"matchCriteriaId": "006DB16B-34C4-4359-96A1-381F7C66BF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "7EFE37CC-58F5-4B08-95C2-D9DAFC8D9C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125162:*:*:*:*:*:*",
"matchCriteriaId": "4F102286-1D21-48AB-A1B4-ADB5A4D3EEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "7DDD3297-57ED-40D4-AC54-4484A3E9C633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125194:*:*:*:*:*:*",
"matchCriteriaId": "8F467A89-13F7-47E9-8285-041DB3F33603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "E8C93717-4E5A-4686-A83F-A7D4AC732144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "5A15AF17-8500-4102-AF1C-897360BB985C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125233:*:*:*:*:*:*",
"matchCriteriaId": "D9B364E3-45C1-4C71-BB6D-9D831449CF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "4CCB49B2-4AA1-4223-98F0-1E0872566BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125357:*:*:*:*:*:*",
"matchCriteriaId": "5D0A19E8-F0B3-446D-B991-C63657BC2A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "1C7CD9C4-861D-42C0-9209-0843613F94B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125363:*:*:*:*:*:*",
"matchCriteriaId": "AD44F42F-709B-4FBE-B9C7-9944A874D489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "23C53DA5-F50F-4FA5-AF8B-4EA174BB4E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125395:*:*:*:*:*:*",
"matchCriteriaId": "199EE3C2-2D58-4777-8592-D000D135E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "0CE514D6-6C6A-4DAD-8DB2-FA1F12FFAFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125412:*:*:*:*:*:*",
"matchCriteriaId": "461FD5FC-2D14-44FC-88F0-783EDDD63483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125429:*:*:*:*:*:*",
"matchCriteriaId": "65FD6158-1B99-4C17-A167-41D6B1CD62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125449:*:*:*:*:*:*",
"matchCriteriaId": "188123C8-7E72-4690-A322-888BED90FB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125450:*:*:*:*:*:*",
"matchCriteriaId": "2BF85206-863D-493C-88F4-15B0BA5276A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125451:*:*:*:*:*:*",
"matchCriteriaId": "3C9DE996-1DEC-4AF0-89FD-1E3DA3967BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125452:*:*:*:*:*:*",
"matchCriteriaId": "75FF4D85-97C8-4DF4-ADE6-EDE8EC2DD5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125453:*:*:*:*:*:*",
"matchCriteriaId": "9CAC6467-19F7-4CB2-A5FC-B57A14F4636C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125455:*:*:*:*:*:*",
"matchCriteriaId": "60EB56E2-7367-4488-A00D-41464E86B06D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125456:*:*:*:*:*:*",
"matchCriteriaId": "3E315636-0897-4421-882D-E8196F7ACAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "EE609902-17AF-491B-8749-C8AF4E0A8241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "6EFF6295-3F73-448D-8109-453E0DFD2002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125471:*:*:*:*:*:*",
"matchCriteriaId": "35A535BC-644B-4B10-8F66-779FAF503683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125475:*:*:*:*:*:*",
"matchCriteriaId": "DDD4AA74-4B07-44A1-A32F-88B0B1E90ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "52203983-0CC9-49DB-B100-49CD9F5CE688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "095362BF-69CD-458F-8A44-E3D6AFC8C41F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "65F6F508-F0BF-4821-8B50-24A9B652522E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125564:*:*:*:*:*:*",
"matchCriteriaId": "4044EE7F-268B-4CC7-9982-80766BE5790E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "6F87A77C-E40F-4DDE-9260-FCF12B237FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125581:*:*:*:*:*:*",
"matchCriteriaId": "51CF193E-D5A6-423A-A5E2-B0ACF4B002E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125596:*:*:*:*:*:*",
"matchCriteriaId": "7C10F5A0-6FFE-4907-8A61-61CF11FC7A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "6B3F637D-3724-4314-BCC7-A6A06040DF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125617:*:*:*:*:*:*",
"matchCriteriaId": "18598449-D0EE-445F-BA6A-2CD658DAF4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125657:*:*:*:*:*:*",
"matchCriteriaId": "6DC52F3E-EC5F-404B-ABD7-615B8AB522A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125664:*:*:*:*:*:*",
"matchCriteriaId": "E3552F71-C708-41A4-9168-5673C086F507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1DA3A9-36FB-4BCA-AEEC-231A2C3127D0",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "0BA30C26-D3D8-447C-BD7A-9BC166C8BF3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127117:*:*:*:*:*:*",
"matchCriteriaId": "162E0203-17E1-427E-A351-33F75E8FE5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127134:*:*:*:*:*:*",
"matchCriteriaId": "61FB54BF-7A8F-4EE5-AF42-15E2B69E9DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127241:*:*:*:*:*:*",
"matchCriteriaId": "764139C9-FF6A-4BE0-BAF3-52F403C41393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127242:*:*:*:*:*:*",
"matchCriteriaId": "3D9805F6-1A56-4FBF-8F47-DAA80E4DE9FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FF3515-61C7-4A7A-9781-6D4A0340B2EC",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "77AA96FD-5AF0-4F80-8402-BAB460FF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125003:*:*:*:*:*:*",
"matchCriteriaId": "3095B4D1-170A-48B0-8C4A-7A7A54E42149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "8CE4267C-DAAE-4CEC-A6E3-D2213AA5EE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125109:*:*:*:*:*:*",
"matchCriteriaId": "92EB7DC6-F227-40B3-A093-4D9495BBE272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125115:*:*:*:*:*:*",
"matchCriteriaId": "40C478D3-7C1C-4FCE-99FA-976EE2754680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "DE6C88E4-D382-4729-AF5D-5697DCE26A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125122:*:*:*:*:*:*",
"matchCriteriaId": "6447F4D8-0943-4C8C-BBA7-42BECC181D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "422B8CB6-3A14-4452-9192-F4CD5BF5D030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125141:*:*:*:*:*:*",
"matchCriteriaId": "41AB6C1A-CBEC-4DC1-94A4-9D14E82BA542",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125142:*:*:*:*:*:*",
"matchCriteriaId": "6A2C060F-770B-4245-8490-5D2EB970FCA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "16E635CC-1591-4535-89EA-B8470BD885F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125150:*:*:*:*:*:*",
"matchCriteriaId": "D5F9E623-A42D-446D-ADDD-5F3C8F7BD9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125160:*:*:*:*:*:*",
"matchCriteriaId": "1E235AF0-4453-4439-A25D-FF78A89BB117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125179:*:*:*:*:*:*",
"matchCriteriaId": "620E40E9-9D83-4E14-8898-10C0718B1A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "1D72F651-BD8C-4564-AC1A-84A91F21EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125194:*:*:*:*:*:*",
"matchCriteriaId": "19DD9FF2-583B-4079-9375-E1643FF9A54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125200:*:*:*:*:*:*",
"matchCriteriaId": "69EDC39C-68EE-488D-B740-9E45229BDF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "EC374820-208A-40EF-965C-50C19467BD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "397B1FAC-EB6E-4F17-B5D7-CBD47D581DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125217:*:*:*:*:*:*",
"matchCriteriaId": "E771BCA5-9E65-4C8B-BF36-E90F641D2015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125221:*:*:*:*:*:*",
"matchCriteriaId": "A658460A-FAE0-4487-8CD6-FB3384664F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "6F104D17-7D08-42A5-BAF3-DEA475308FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "9F875BFA-18C2-42BF-8BC4-D02E15B395E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "3BBD9D22-7E92-4648-972E-E17D9472E08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125357:*:*:*:*:*:*",
"matchCriteriaId": "7219F9A0-CD1D-4BB4-A5E1-FA0495B49114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125361:*:*:*:*:*:*",
"matchCriteriaId": "0CBB0F67-9C81-44BC-9836-DE5FE40DDBBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "6D7C0250-52DA-423D-B061-0CDF39D15068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125376:*:*:*:*:*:*",
"matchCriteriaId": "6FC34D3F-FED3-4266-AB29-98FFC2002507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "DD1460AC-A719-4B75-B28B-748B6C262A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "B9024FE1-536C-4180-8115-6D97E7C324D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125410:*:*:*:*:*:*",
"matchCriteriaId": "8CD6EB21-3DC6-47A7-939A-AA3C8EFE278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125429:*:*:*:*:*:*",
"matchCriteriaId": "3A5911F7-7A45-499D-B345-D9C082932BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125447:*:*:*:*:*:*",
"matchCriteriaId": "CBBD7A90-4F97-4DFD-B8E6-F24A9B72A1C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "87C6DCE0-5F40-4F50-8538-29CFF2DCC9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125464:*:*:*:*:*:*",
"matchCriteriaId": "BECA9FA7-887B-4ECC-AA23-F75F96E42CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "CFD6D448-337E-4A63-8BE2-4DFC50AE7413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125475:*:*:*:*:*:*",
"matchCriteriaId": "33F2625D-0750-4ED1-8BA7-8141D8B7FB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "A7D6DD58-62F3-4727-9AC1-E6B5EA71BB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "33991587-174F-48D9-821D-BF44CF24924D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125484:*:*:*:*:*:*",
"matchCriteriaId": "18B8D15F-0286-4D64-96F8-D213E241813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "EB8483C1-6586-4936-8BF8-ECE3F0F4D5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "A9318551-C41F-46E9-A196-5C01EAE276F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "5030E129-0401-457B-B4FB-974AD5A0A948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125557:*:*:*:*:*:*",
"matchCriteriaId": "74DAFF5A-7090-427F-A69E-2E90456485C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "8EB26A23-108E-4F39-84E3-2F1C197C8CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125582:*:*:*:*:*:*",
"matchCriteriaId": "DF57D557-B1B9-4B2E-81A5-B23C1A8521E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125605:*:*:*:*:*:*",
"matchCriteriaId": "E37E20B2-B678-45C1-9EF9-7D65172B485F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "722042FB-CFE5-4DE8-A196-65D2E035378F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "17CC4F0C-E69E-4FA5-8119-D71AD9C13E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125621:*:*:*:*:*:*",
"matchCriteriaId": "B8DA03F6-8EF8-48E1-B4CF-A2B0CB6F1DEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50FB7952-0CED-4A64-A435-D588CA661630",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "8343B084-2009-44F2-B36C-C66719BBB1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "2574DD71-36A4-47AE-ABC3-D05D36FF8F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127130:*:*:*:*:*:*",
"matchCriteriaId": "B9D787C9-F37B-4193-A34F-080F7410BFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "55FB4705-D709-42F0-A562-6C5A05E00EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "4503E624-DC7F-4C5E-B715-0EC4676CA1ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340D8561-6110-49D8-BCDC-78A762FCD3E6",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "C61E9B3D-A39D-428E-A82F-5C4C225906C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "423D3372-F910-4006-9FE8-49A6B730AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125109:*:*:*:*:*:*",
"matchCriteriaId": "02B0ED3C-4729-4C70-8F06-6B507ED75BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125115:*:*:*:*:*:*",
"matchCriteriaId": "3CE0B4B2-CC4C-4F0F-B97E-A90C84377989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "DC2E4C62-9867-4D14-85B3-95F359BD0551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125122:*:*:*:*:*:*",
"matchCriteriaId": "5042AD90-4DF1-4A5A-9317-017102515284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "356A4F91-FA5B-4A09-841E-A380F580BA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125129:*:*:*:*:*:*",
"matchCriteriaId": "CBBDC611-498B-4175-9A88-5914ED6D3A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125141:*:*:*:*:*:*",
"matchCriteriaId": "10F3C9AD-9C1B-4FBD-8325-B56FCF96FFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "F4EE5C24-C4AE-4F9D-B808-8930102A1389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125160:*:*:*:*:*:*",
"matchCriteriaId": "E0F45A48-5006-4748-B683-6C7CB469286A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125179:*:*:*:*:*:*",
"matchCriteriaId": "9796C62A-8FCA-4E1E-855E-7D67F77C9AD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "1A1AC2FD-91BA-4B78-BB14-B9F2CEB09071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125200:*:*:*:*:*:*",
"matchCriteriaId": "A4B99FDC-EC68-4006-B359-E845AEF72FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "240A8575-F963-4DB4-B9C6-BE584A2F8271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "B97F1BEE-F3C0-4DDD-B767-23C4BE9054AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125217:*:*:*:*:*:*",
"matchCriteriaId": "3B3482FA-9483-4EC7-9B09-E1BB63F02790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "2600FBC5-8358-4126-88F2-00F3BEE9B537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "FDD47CB0-3680-4ED9-821C-B673EACB953D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "D27B76C3-B8C8-48A6-AEF3-E9145B57EDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125357:*:*:*:*:*:*",
"matchCriteriaId": "6D77C576-035E-403B-A2B3-992496FAD202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "70608921-F02A-4121-BE90-919DD68DD0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125376:*:*:*:*:*:*",
"matchCriteriaId": "93C50660-6ECF-4353-A15A-4F7B0F06D33A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "06D8864A-E6CC-4742-A2CF-B060E8DFA740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125393:*:*:*:*:*:*",
"matchCriteriaId": "D2572B3B-3BC4-4A83-92D5-8D7579821F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "0DD78F90-5231-4848-8971-9AB5ABBD2C33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125412:*:*:*:*:*:*",
"matchCriteriaId": "7C94C142-168F-421C-B00B-3F42AA1CC9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125429:*:*:*:*:*:*",
"matchCriteriaId": "77CE4835-6540-4CF6-A31C-255DA52BB073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125447:*:*:*:*:*:*",
"matchCriteriaId": "E0544AE8-92B3-43A7-8F42-299AED1A40CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125450:*:*:*:*:*:*",
"matchCriteriaId": "BEC805D2-CFDC-40DE-AA70-42A91461BEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125451:*:*:*:*:*:*",
"matchCriteriaId": "4767BF5A-B867-44BB-B152-E2AFA63B06D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125452:*:*:*:*:*:*",
"matchCriteriaId": "5855C471-07AB-4A96-9631-26C6C8B01F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125453:*:*:*:*:*:*",
"matchCriteriaId": "5075910F-3676-439A-879A-5CBE2C734347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125455:*:*:*:*:*:*",
"matchCriteriaId": "20808F91-7F08-4BA9-9075-C54337EC68E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125456:*:*:*:*:*:*",
"matchCriteriaId": "C700CE3B-31B5-4B4D-A378-70EC26D6F88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "A05AFF4D-4EF9-4939-81CC-0AB55DA596F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125464:*:*:*:*:*:*",
"matchCriteriaId": "86C3E31F-87E2-459F-8D1B-C6D1A237960D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "A3E7FC26-0000-4D4B-B489-DF0E2CD2B13C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125469:*:*:*:*:*:*",
"matchCriteriaId": "13E6E0F9-9D03-4665-9C89-6BE62ADCB39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125471:*:*:*:*:*:*",
"matchCriteriaId": "0DE52003-E959-420F-89A1-C86D8FB12DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125476:*:*:*:*:*:*",
"matchCriteriaId": "6E9C9051-7FDE-4DEE-85DC-0798524DC17A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "5BE3598F-CEB4-4553-BB50-AA778BBF8BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "4C71852D-D529-469A-9111-6D4DB8381BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125484:*:*:*:*:*:*",
"matchCriteriaId": "EC3F7DA9-3FBF-4D67-8BA5-2643E706F64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "53E2DF01-9A39-4E50-BEDE-D49988CE5CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "0015664D-11BC-4DEE-BC5B-DB3D1FE8DF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "8B49F887-4574-4B3C-A8A7-57F75B27447F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125557:*:*:*:*:*:*",
"matchCriteriaId": "C1E93E4D-0E54-41DF-843A-E8AE94EAD0BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125566:*:*:*:*:*:*",
"matchCriteriaId": "1617ADAD-2E13-4910-B600-3EC7E59B087C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "4E7B4955-F688-47DE-B1FF-D417EBDFF9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125582:*:*:*:*:*:*",
"matchCriteriaId": "5F982932-5513-411A-9CBF-3082C7ECEF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125584:*:*:*:*:*:*",
"matchCriteriaId": "0B5378E9-D011-4B12-8DEE-442F22789C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125585:*:*:*:*:*:*",
"matchCriteriaId": "8232CBA1-55DA-4F3C-A9E5-A204A25231C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "253569A5-4A2E-4163-88DC-C0FE6B79E06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "A30281F3-4DE2-4ED3-91A7-AE7A091C31E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9222E54C-0A7C-4828-9917-7CFD7EE8BC59",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "85778DB3-87D9-4C6A-9149-C58C45913268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127003:*:*:*:*:*:*",
"matchCriteriaId": "3973EC75-A70A-475A-82BB-409992F09392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "14537D55-3ABE-423C-B320-6811292620AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127130:*:*:*:*:*:*",
"matchCriteriaId": "FCB0BDE0-5BD3-4315-A74B-D7065ABC91BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "3E850CF4-9078-4E43-A87C-8323536E8CD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "EC407852-45B1-47F4-A886-AF8B473A86D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB0C7A9-5511-4AC9-B5E4-74AAE6973E34",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "BDA5DDA4-A67C-4370-B41D-02755FCF1F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "3D99CD97-1D6B-4C67-A909-E1CE28A78E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125112:*:*:*:*:*:*",
"matchCriteriaId": "70FEC14F-A53C-437C-981A-214B867142E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125115:*:*:*:*:*:*",
"matchCriteriaId": "895E57EA-A8F6-425B-9D08-654E03B92B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125116:*:*:*:*:*:*",
"matchCriteriaId": "9EE0C771-B2F6-4766-82FD-203967CE37D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "0DCD6102-19F7-42D2-A81B-C85824CA351D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125121:*:*:*:*:*:*",
"matchCriteriaId": "3C2C0A08-66BF-4FDC-A209-769234438844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "8DDC3649-12A9-41F3-A27D-646B5DF05E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125129:*:*:*:*:*:*",
"matchCriteriaId": "4F037A2A-4B9A-4EBC-94E2-87502960FF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125136:*:*:*:*:*:*",
"matchCriteriaId": "B15E99A3-989F-4EFD-BA26-DEC6992BD1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125142:*:*:*:*:*:*",
"matchCriteriaId": "B85BF117-503B-435F-8667-481D9AC7A788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "3AC2A038-F59B-4137-B02F-4C26E2EB9152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "F605C78F-8BE4-4E02-A7FB-CA9D24AFE7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125195:*:*:*:*:*:*",
"matchCriteriaId": "15557A07-E0E9-40DB-B013-0F4AD9556BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125199:*:*:*:*:*:*",
"matchCriteriaId": "79082C84-9F25-4A63-86AF-18CC4ADF71CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "A88678CE-DB64-4D66-8F2A-3C60058DC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "88009BAC-1ECF-4BA3-855F-96C8789E476E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125216:*:*:*:*:*:*",
"matchCriteriaId": "E64F7B54-6B09-4B7E-B2AB-5EA73FD8E0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125228:*:*:*:*:*:*",
"matchCriteriaId": "2B94DFD2-374C-47A9-9D54-3FDB63197FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "9B0330D9-1276-4228-BA7E-B9E3B828E5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125233:*:*:*:*:*:*",
"matchCriteriaId": "89736956-D05D-437B-BC7A-850AA459C123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125234:*:*:*:*:*:*",
"matchCriteriaId": "63B26424-7292-4F37-B86F-2A4E0AD32B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "2D2629FB-0A83-43CC-8C83-444036D05F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125325:*:*:*:*:*:*",
"matchCriteriaId": "4CFD99D1-CB43-437B-8E7D-6712DA5C9835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125327:*:*:*:*:*:*",
"matchCriteriaId": "6FEBA58F-E5B4-4B91-B78F-620C6EB9D3BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "F9F9D406-FE99-45C0-B1C0-4DEB5E843FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125343:*:*:*:*:*:*",
"matchCriteriaId": "F4B86974-C598-4E1A-9FF0-5AF9638C1AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125345:*:*:*:*:*:*",
"matchCriteriaId": "C2838623-6F3F-417A-A644-FA226CCD8BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125358:*:*:*:*:*:*",
"matchCriteriaId": "454EDD2A-E79A-4D46-B841-BE5EC12C63D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "1557A740-D19D-4220-9B3E-395EFCB86F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125363:*:*:*:*:*:*",
"matchCriteriaId": "9C7DB404-A5C7-4EDB-BCB2-079A41E31428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125378:*:*:*:*:*:*",
"matchCriteriaId": "B738952C-DE7B-4C3D-85B9-ADBEDF007AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125392:*:*:*:*:*:*",
"matchCriteriaId": "897D140C-20FF-454D-8928-B11FFC84C016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "18F93D7C-E8FC-4D4C-AEA0-C1187FB6D9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125417:*:*:*:*:*:*",
"matchCriteriaId": "2E799367-7DC7-478D-948A-17D717507DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125445:*:*:*:*:*:*",
"matchCriteriaId": "74A5591E-75A4-4ACA-9C34-4907D645AA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "0C67D5FC-5965-4AC1-80A5-931BE60B5E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125465:*:*:*:*:*:*",
"matchCriteriaId": "139E25D9-A4C8-4041-ADF7-4618DFEEE8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125469:*:*:*:*:*:*",
"matchCriteriaId": "6A65F3F7-45D3-49EB-9784-1F13FA2CBB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125471:*:*:*:*:*:*",
"matchCriteriaId": "3795D2DE-622F-4C82-B133-0993A01AC1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125475:*:*:*:*:*:*",
"matchCriteriaId": "C0DB9896-BC25-46E3-AA6F-496A442BE525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "CE56A949-74AC-4138-8AD3-31F5763860EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "4A3DB867-FD46-46EB-AEF0-2B6E79371AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "7881FBB4-AC09-4EB9-B02F-3EA19237E095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "F391E432-98B8-4D97-8AD4-FB1A84FAF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "61D908B2-446E-48EC-9F6B-91E8BF0F6A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125565:*:*:*:*:*:*",
"matchCriteriaId": "FD5F28B0-580E-4CD4-917A-496D35AD271A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "F0FC96AA-F2F4-4C35-8BF7-6318A2F624A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125583:*:*:*:*:*:*",
"matchCriteriaId": "6EA008F1-4E47-4753-8506-769B29AB5BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125584:*:*:*:*:*:*",
"matchCriteriaId": "7ED68CDE-1096-4490-8E6B-78F4AC2BB729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125598:*:*:*:*:*:*",
"matchCriteriaId": "34F8D9B7-3BD7-44C0-A292-162928729F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "ADFB3155-72F3-4DFA-BAE1-5725A40E6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125612:*:*:*:*:*:*",
"matchCriteriaId": "7446678C-E2DB-4EA2-BC9B-430C8EC7804B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "33C57314-5503-48BD-9ED2-D76517C9C0F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125617:*:*:*:*:*:*",
"matchCriteriaId": "AC201C68-2C1D-4E75-9443-C5F853A37AB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6628EB7-96F6-48E3-8018-8F569972B811",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "B64ADEEB-502D-4588-BD80-156124437AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127102:*:*:*:*:*:*",
"matchCriteriaId": "2306C5F3-5413-4240-BAB6-E55849063A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127105:*:*:*:*:*:*",
"matchCriteriaId": "87F97A9E-2AB3-4121-B5A7-0AA25780D336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127132:*:*:*:*:*:*",
"matchCriteriaId": "AD049643-9546-4D39-BD26-79661205C110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AEEB49-1C45-4B88-81C1-A1425B7E99A2",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "E73FEA45-5AA3-4C49-91D3-E07A53E34515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "8CA65161-0C0B-45E7-BBEA-FA214DBF964B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9097C0CA-001B-4604-BCDB-ED28AB292CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14303:*:*:*:*:*:*",
"matchCriteriaId": "C7F15A64-F15C-43E4-890A-7FEB0614C6DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "378A2C19-6176-4E95-AB9C-B60A1F1A1E87",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "1E01D48C-A95F-421E-A6FA-D299D6BE02B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*",
"matchCriteriaId": "727BD3A4-F0E1-4656-A640-B32406324707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7002:*:*:*:*:*:*",
"matchCriteriaId": "AC812003-B383-4E52-B9D3-90F4B0633C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7003:*:*:*:*:*:*",
"matchCriteriaId": "E6BE678E-EC68-478F-A4E0-73E032C88167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7004:*:*:*:*:*:*",
"matchCriteriaId": "A5E373E7-9BB3-480F-A685-BAA7A9CD1BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE99DDEC-EA8D-4E15-A227-30B242611078",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "52843587-34AD-4992-8E68-25CD02E247A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "BC2FC98F-84FF-4C90-BD7C-20A4910BED44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9794CB33-4932-4AA6-AC8C-B9FB6AE233FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14303:*:*:*:*:*:*",
"matchCriteriaId": "3CC0A1C9-2F24-422A-8478-95BDCE1EBE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14304:*:*:*:*:*:*",
"matchCriteriaId": "4E541BD1-3BB8-4807-BDF8-45B0916416D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDF15FF-2561-4139-AC5E-4812584B1B03",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*",
"matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*",
"matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*",
"matchCriteriaId": "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*",
"matchCriteriaId": "59675CC4-8A5C-4668-908C-0886B4B310DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*",
"matchCriteriaId": "45084336-F1DC-4E5B-A45E-506A779985D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*",
"matchCriteriaId": "1B2CC071-5BB3-4A25-88F2-DBC56B94D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*",
"matchCriteriaId": "E6FDF373-4711-4B72-A14E-CEB19301C40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*",
"matchCriteriaId": "0E0F346C-0445-4D38-8583-3379962B540F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4308:*:*:*:*:*:*",
"matchCriteriaId": "18B78BDC-0EAA-4781-8D62-01E47AA3BF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4309:*:*:*:*:*:*",
"matchCriteriaId": "A9EE7E99-B428-41EF-A693-7A316F695160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4707D700-23C4-4BBD-9683-4E6D59989127",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "13A9F940-083E-451E-A330-877D67F617BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9FE925DF-55E6-4E7F-B5CD-F5ED097BBBC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14303:*:*:*:*:*:*",
"matchCriteriaId": "0031CF5C-78FE-4CB0-97CE-087C10A77EB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1478BFC3-A0B2-415B-BA1C-AA09D9451C93",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41B34AA8-294A-48A9-8579-44EB7EE192F3",
"versionEndExcluding": "12.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en varios productos ManageEngine que puede provocar la exposici\u00f3n de claves de cifrado. Un usuario de sistema operativo con pocos privilegios y acceso al host donde est\u00e1 instalado un producto ManageEngine afectado puede ver y utilizar la clave expuesta para descifrar las contrase\u00f1as de la base de datos del producto. Esto permite al usuario acceder a la base de datos del producto ManageEngine."
}
],
"id": "CVE-2023-6105",
"lastModified": "2025-02-13T18:16:03.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-15T21:15:08.490",
"references": [
{
"source": "vulnreport@tenable.com",
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2023-35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2023-35"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-30 19:15
Modified
2024-11-21 06:08
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-33055/ | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-33055/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones hasta 6102, permite una ejecuci\u00f3n de c\u00f3digo remota no autenticado en ediciones no Inglesas."
}
],
"id": "CVE-2021-33055",
"lastModified": "2024-11-21T06:08:11.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T19:15:08.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-33055/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-33055/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-09 14:15
Modified
2024-11-21 06:08
Severity ?
Summary
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Report" as CSV file. Note: The vendor disputes this vulnerability, claiming "This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports \"User Attempts Audit Report\" as CSV file. Note: The vendor disputes this vulnerability, claiming \"This is not a valid vulnerability in our ADSSP product. We don\u0027t see this as a security issue at our side."
},
{
"lang": "es",
"value": "** EN DISPUTA ** Una vulnerabilidad de inyecci\u00f3n CSV en el panel de inicio de sesi\u00f3n de ManageEngine ADSelfService Plus Versi\u00f3n: 6.1 Build No: 6101, puede ser explotada por un usuario no autenticado. El par\u00e1metro j_username parece ser vulnerable y se podr\u00eda obtener un shell inverso si un usuario con privilegios exporta \"User Attempts Audit Report\" como archivo CSV. Nota: El proveedor disputa esta vulnerabilidad, afirmando que \"Esta no es una vulnerabilidad v\u00e1lida en nuestro producto ADSSP. No vemos esto como un problema de seguridad por nuestra parte\"."
}
],
"id": "CVE-2021-33256",
"lastModified": "2024-11-21T06:08:34.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-09T14:15:31.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-31 15:15
Modified
2025-05-30 16:15
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7162 | ||
| cve@mitre.org | https://www.excellium-services.com/cert-xlm-advisory | ||
| cve@mitre.org | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*",
"matchCriteriaId": "41EB109A-9CF3-498C-93B2-07A31D3CB09A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zoho ManageEngine ADSelfService Plus versi\u00f3n 5.6 Build 5607. Un servicio expuesto permite que una persona no autenticada recupere informaci\u00f3n interna del sistema y modifique la instalaci\u00f3n del producto."
}
],
"id": "CVE-2019-7162",
"lastModified": "2025-05-30T16:15:25.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-31T15:15:11.317",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7162"
},
{
"source": "cve@mitre.org",
"url": "https://www.excellium-services.com/cert-xlm-advisory"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 22:15
Modified
2024-11-21 04:33
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.4 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*",
"matchCriteriaId": "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*",
"matchCriteriaId": "DAD07524-564F-4559-9F6D-EB8961380A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*",
"matchCriteriaId": "76480E2A-FD99-4902-99D3-847136451618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*",
"matchCriteriaId": "D117C2AE-B396-46AD-9421-23750F9D6CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*",
"matchCriteriaId": "6B9F5FCF-BECA-424C-86C8-4769797AEB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*",
"matchCriteriaId": "6A014DF4-0353-4117-927B-C7950D92EEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*",
"matchCriteriaId": "EC6163AF-1A41-4372-8D9B-985BB338B9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*",
"matchCriteriaId": "2387D138-C8F5-4DC1-A51E-629F9D96F4ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*",
"matchCriteriaId": "0504B6B8-AFA0-418E-AA86-057F4FD01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*",
"matchCriteriaId": "78CA1BE6-6ACF-42B4-B603-9764A8B81555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*",
"matchCriteriaId": "69866794-C599-49F7-8071-789DA3308AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*",
"matchCriteriaId": "850DCAC9-D98E-40C1-A748-88E257F09388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4523A4D2-1E40-4A14-81D7-820A2C81C90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*",
"matchCriteriaId": "F4C03D7C-0EEC-4C66-8705-F69909483048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "9431C11F-E153-4298-8A1B-2CDF677A1428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*",
"matchCriteriaId": "557B4FD6-B1BD-47B4-87B8-7096B99695B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF829-DA42-4C87-AB14-B03BD0AFB177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*",
"matchCriteriaId": "C74D8FDF-04B3-4B03-9110-27683E2329FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*",
"matchCriteriaId": "5C376A34-DC80-4080-9B53-37D954B6F00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4613CD78-8A7D-4382-9975-1BE698E6C2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "9F32937B-9B1D-495F-812A-BEBAF3C67540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*",
"matchCriteriaId": "5683B22F-54D1-4C53-8378-3500ADB4AD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "08147E4E-6064-44D6-AF7C-1EB584A7CD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "E0B110D0-A1BF-486B-A5C4-5927877C1258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*",
"matchCriteriaId": "1C52392E-72C9-4F74-AECE-B20C0259E37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*",
"matchCriteriaId": "38A4BE4A-B607-483E-AE79-8FF17BEF60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*",
"matchCriteriaId": "3B2ABFA6-4506-42F8-B458-9EB83C8312DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*",
"matchCriteriaId": "B19B98B7-85D3-4D44-9853-1CD69586BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*",
"matchCriteriaId": "2EFDF89F-54BE-4D72-B95D-12127D8B35A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*",
"matchCriteriaId": "E4DD32D9-A0CA-4434-A8CF-121942FDF152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*",
"matchCriteriaId": "F86FFDB3-B19E-438E-8E5C-6D4994A29B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*",
"matchCriteriaId": "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*",
"matchCriteriaId": "4921142A-2D9F-40BE-9640-44037667FB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*",
"matchCriteriaId": "0909BEDE-D384-4719-87C7-4748E70669D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*",
"matchCriteriaId": "43969BCD-92A9-4181-9BE7-9A370FF0EA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*",
"matchCriteriaId": "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*",
"matchCriteriaId": "190837F9-E545-4576-8660-76837BFBA127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*",
"matchCriteriaId": "6C379810-C027-4443-BA2F-C72A0AFE9074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*",
"matchCriteriaId": "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*",
"matchCriteriaId": "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*",
"matchCriteriaId": "6191E179-7D42-4D9A-AF78-B87DBC198B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*",
"matchCriteriaId": "01FC1A37-2AB7-4212-A93A-58021592FF67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*",
"matchCriteriaId": "96287289-2736-4197-B325-9D58EFDD6A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*",
"matchCriteriaId": "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*",
"matchCriteriaId": "E2437FCD-F77F-4103-914C-20C54C3E088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*",
"matchCriteriaId": "45F52278-27B0-431E-8FF0-E3A5F68D513D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*",
"matchCriteriaId": "E231C429-0C6D-4DA6-8D89-DB888493F741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*",
"matchCriteriaId": "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*",
"matchCriteriaId": "999D1D05-D8D7-445E-AAF7-B14769001928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*",
"matchCriteriaId": "CC29D099-13A7-48F5-8A8A-6A564B972D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*",
"matchCriteriaId": "AFAACD50-F964-48EB-8C71-856501FA5BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*",
"matchCriteriaId": "E52DD6D8-DCB5-470E-9F77-653552A5436B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*",
"matchCriteriaId": "1E41D887-5E33-4D94-9C9C-7385D7D777E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*",
"matchCriteriaId": "352966E5-E938-4FA4-A41B-2D95C0E233ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*",
"matchCriteriaId": "2C234A10-9D5A-4C47-92F1-82DA80F5B310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*",
"matchCriteriaId": "8E1516F7-D152-4D9C-92D3-4BD68D77475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*",
"matchCriteriaId": "BDDFB075-FA1B-47B9-B2EC-80228C20F042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*",
"matchCriteriaId": "9A55F076-4CED-4BFC-B87D-A2AE950F78CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*",
"matchCriteriaId": "50ACF821-D09A-40B9-95A6-BC8DED3460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*",
"matchCriteriaId": "E0949C30-651A-4646-B215-38AE86F719F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*",
"matchCriteriaId": "2DA8E108-49A7-4281-A938-ED1C1E4890B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*",
"matchCriteriaId": "3B631D21-372B-4B68-B467-F1A5616C5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*",
"matchCriteriaId": "26BC3F05-FC81-45E4-9D23-864C9B9FF47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*",
"matchCriteriaId": "1BBF87A7-2A53-418D-BB27-D55B10564894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*",
"matchCriteriaId": "9343B338-953B-4E7D-9CD2-00781FFE3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*",
"matchCriteriaId": "9966E015-590E-4CAD-AEE9-F06E1B34A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*",
"matchCriteriaId": "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*",
"matchCriteriaId": "04BB508C-91EA-43A3-B4AC-A7591801F387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "2B71FA9F-0FC4-4D12-B595-AC529878BC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "0979E79B-936C-4787-8E0A-9F7F43A8A748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "673E69A8-71BA-49EC-B1AE-931736C6BF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "141FB02E-695F-484E-8FF6-C334C11F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*",
"matchCriteriaId": "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*",
"matchCriteriaId": "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*",
"matchCriteriaId": "942DC320-20A3-4CBF-BF94-390A9163FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*",
"matchCriteriaId": "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*",
"matchCriteriaId": "600E4C41-B1E1-468D-BA1A-489D0CE5F565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*",
"matchCriteriaId": "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*",
"matchCriteriaId": "E41D8FA9-5D9D-4102-B117-40354F847403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*",
"matchCriteriaId": "8E620B19-0286-4723-91C4-848B6C453509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*",
"matchCriteriaId": "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*",
"matchCriteriaId": "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*",
"matchCriteriaId": "E7A0FC78-73CE-48CE-BD68-74C095F5B052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*",
"matchCriteriaId": "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*",
"matchCriteriaId": "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*",
"matchCriteriaId": "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*",
"matchCriteriaId": "BF029B3F-93BE-44D3-B8E8-65F18A4F6632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*",
"matchCriteriaId": "C054330B-8344-437B-893F-AD844BCA3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*",
"matchCriteriaId": "CA7A820D-17C3-4F20-B4C4-9068F9594786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*",
"matchCriteriaId": "DEA0897C-62CE-401A-B940-4CA47A0BDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*",
"matchCriteriaId": "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*",
"matchCriteriaId": "269B1711-8110-4177-8CF2-AD9F1D9E20AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*",
"matchCriteriaId": "39DFD696-3A7F-4003-9F87-458891B787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*",
"matchCriteriaId": "C15E39AA-79CE-48A7-9629-AC75EC444B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*",
"matchCriteriaId": "2592E246-7208-4CC5-8004-D2AEAB45380C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*",
"matchCriteriaId": "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*",
"matchCriteriaId": "41EB109A-9CF3-498C-93B2-07A31D3CB09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "59408AE1-F8C3-48A7-BF31-ABB4173E42D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "82FD8A24-2D01-4D2A-ADDE-51EBCC189332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "3CDD178D-9CE8-4FC9-8388-BB89DC949924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "4F3F2942-54CE-41A9-909B-8D5CE515A7FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "996B4FAB-C1FA-42D9-BAB2-EC4CD2394D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*",
"matchCriteriaId": "20D1E7EE-8977-4010-AF5D-843A44853363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*",
"matchCriteriaId": "A217F6ED-BC7F-46B7-9D43-D75A3D416322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*",
"matchCriteriaId": "562397B8-DF54-4585-81B4-3F89816CC8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*",
"matchCriteriaId": "319E6B84-4D6C-45D2-BF5A-8461202C4463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*",
"matchCriteriaId": "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users\u0027 profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones 5.x hasta 5803, presenta una vulnerabilidad de tipo CSRF en la p\u00e1gina de informaci\u00f3n de perfil de los usuarios. Los usuarios que son atacados con esta vulnerabilidad ser\u00e1n obligados a modificar su informaci\u00f3n registrada, tal y como correo electr\u00f3nico y tel\u00e9fono m\u00f3vil, involuntariamente. Los atacantes podr\u00edan usar la funci\u00f3n de restablecimiento de contrase\u00f1a y controlar el sistema para enviar el c\u00f3digo de autenticaci\u00f3n en el canal que poseen los atacantes."
}
],
"id": "CVE-2019-18411",
"lastModified": "2024-11-21T04:33:12.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T22:15:10.380",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/aliceicl/e32fb4a17277c7db9e0256185ac03dae"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-10 15:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones 6111 y anteriores, son vulnerables a una toma de posesi\u00f3n de aplicaciones vinculadas"
}
],
"id": "CVE-2021-37423",
"lastModified": "2024-11-21T06:15:08.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-10T15:15:12.007",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-03 19:29
Modified
2024-11-21 04:01
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/ | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html#5701 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html#5701 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:4500:*:*:*:*:*:*",
"matchCriteriaId": "796A4512-DC6E-42A1-9A57-D4F446A9BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5032:*:*:*:*:*:*",
"matchCriteriaId": "4C202C90-B792-4E0C-B7A9-C06FDB7C30DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5040:*:*:*:*:*:*",
"matchCriteriaId": "42F19FC5-6C75-458A-9B90-376D0D1B0C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5041:*:*:*:*:*:*",
"matchCriteriaId": "6DC23258-D431-40C0-9853-E08D36A225FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5100:*:*:*:*:*:*",
"matchCriteriaId": "D8AF9E70-E4F7-4BB1-9D49-33633AB9CE82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5101:*:*:*:*:*:*",
"matchCriteriaId": "D1174A0E-EFA2-4FAA-B42A-A0D4FAAD592D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5102:*:*:*:*:*:*",
"matchCriteriaId": "A99912DA-82E6-4FD6-8916-635637941335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5103:*:*:*:*:*:*",
"matchCriteriaId": "FC5FA48C-6B99-4B80-9256-694BD4174557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5104:*:*:*:*:*:*",
"matchCriteriaId": "6D860882-A106-4771-87DF-9ADE482F41DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5105:*:*:*:*:*:*",
"matchCriteriaId": "0DD127BF-200A-45F5-9357-5024C76E7B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5106:*:*:*:*:*:*",
"matchCriteriaId": "8D2143C4-D4A0-4AE5-86D2-D3DEFD27C9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5107:*:*:*:*:*:*",
"matchCriteriaId": "1745145D-493D-4181-B011-46490BBF5A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5108:*:*:*:*:*:*",
"matchCriteriaId": "8A9605CA-8368-47D1-964A-684E099212D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5109:*:*:*:*:*:*",
"matchCriteriaId": "109303F0-F6C6-4BC7-9011-BAAD6B1D043E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5110:*:*:*:*:*:*",
"matchCriteriaId": "39BC2BEF-89B7-48F0-BAFC-26B1DE0E7EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5111:*:*:*:*:*:*",
"matchCriteriaId": "BA12CCBE-5C43-4FF8-A9A5-63B91AA14C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5112:*:*:*:*:*:*",
"matchCriteriaId": "270B44CA-F153-4EF8-8E0B-276E80C8ADB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5113:*:*:*:*:*:*",
"matchCriteriaId": "6EC9A6C6-3D3E-411F-89EF-CAFCF66D8222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5114:*:*:*:*:*:*",
"matchCriteriaId": "CD55F212-950A-4421-9C73-80287647719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5115:*:*:*:*:*:*",
"matchCriteriaId": "61E19A98-DF1A-44B0-AB69-6822F9110FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5116:*:*:*:*:*:*",
"matchCriteriaId": "7AA56B14-E4B5-4373-81F3-ECFD30DC897B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5200:*:*:*:*:*:*",
"matchCriteriaId": "77F2C9F3-67ED-4337-9EC8-A164ADCBFB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5201:*:*:*:*:*:*",
"matchCriteriaId": "DE73451C-7289-4832-84A7-1A9D8CFE5EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5202:*:*:*:*:*:*",
"matchCriteriaId": "74AB64C4-625A-4369-8F16-3145B85A5DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5203:*:*:*:*:*:*",
"matchCriteriaId": "5C8E8A1A-AA00-48AC-BB5F-59DA174A4F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5204:*:*:*:*:*:*",
"matchCriteriaId": "797C805C-68D4-4B5A-8AD8-C2036692C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5205:*:*:*:*:*:*",
"matchCriteriaId": "50D245E8-5719-41B6-95C0-A2CACE88676D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5206:*:*:*:*:*:*",
"matchCriteriaId": "809A4666-41E7-48B8-A9FA-A24A71EC5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5207:*:*:*:*:*:*",
"matchCriteriaId": "6BEADFCD-8A32-4D59-908A-37E9E3A52E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5300:*:*:*:*:*:*",
"matchCriteriaId": "28409900-B268-437E-B474-1CDF7C654161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5301:*:*:*:*:*:*",
"matchCriteriaId": "E4A44B27-87F1-47F2-8596-663C63F4C1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5302:*:*:*:*:*:*",
"matchCriteriaId": "7ACD689D-709B-471F-9C86-66E22E91DBCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5303:*:*:*:*:*:*",
"matchCriteriaId": "749731D7-2431-4DBC-9E76-4BFB8F8C57C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5304:*:*:*:*:*:*",
"matchCriteriaId": "5B0B3278-EE00-40F5-8372-9AFA6F44B765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5305:*:*:*:*:*:*",
"matchCriteriaId": "916DEBE1-C3AB-415B-9463-1A4253F609C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5306:*:*:*:*:*:*",
"matchCriteriaId": "5CFBBCCD-7625-4C73-AFCA-924DFAC48BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5307:*:*:*:*:*:*",
"matchCriteriaId": "FA24BDA1-675D-45E2-A0F8-041CC6DF1D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5308:*:*:*:*:*:*",
"matchCriteriaId": "CE4EA03B-33D0-4057-A80C-4AF69D22FF38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5309:*:*:*:*:*:*",
"matchCriteriaId": "0BA96538-C2F8-42C2-AF49-55B7D216B17B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5310:*:*:*:*:*:*",
"matchCriteriaId": "D9227C12-AFD7-4481-8495-998F9AB4E668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5311:*:*:*:*:*:*",
"matchCriteriaId": "17755902-5421-45C1-8952-70771E8C79A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5312:*:*:*:*:*:*",
"matchCriteriaId": "CA16BF41-2F02-422A-A92F-40EA8BF7A75F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5313:*:*:*:*:*:*",
"matchCriteriaId": "54C11E83-F0BA-4C47-875E-7CFEC447728E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5314:*:*:*:*:*:*",
"matchCriteriaId": "DDF73A07-905D-4F26-848B-84C3A9F1630C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5315:*:*:*:*:*:*",
"matchCriteriaId": "5EE92704-67CE-4D3A-97D1-BEAB1CFFC70C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5316:*:*:*:*:*:*",
"matchCriteriaId": "ABFB14B0-F81C-4C7A-B1EF-EF8C4D779576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5317:*:*:*:*:*:*",
"matchCriteriaId": "219F3924-899B-4D14-90FF-E1F8B8A6B5F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5318:*:*:*:*:*:*",
"matchCriteriaId": "4C222551-E231-43E3-98BD-773FDB68D589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5319:*:*:*:*:*:*",
"matchCriteriaId": "DAD582DE-6811-4D78-899C-933D1D409EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5320:*:*:*:*:*:*",
"matchCriteriaId": "7D7BF363-19F5-4655-9A8C-AFF535AF0558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5321:*:*:*:*:*:*",
"matchCriteriaId": "962CABE0-C8AF-4C2F-81D7-12D232C390F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5322:*:*:*:*:*:*",
"matchCriteriaId": "613D8FD3-7086-4E59-A012-884A094BAD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5323:*:*:*:*:*:*",
"matchCriteriaId": "7D14A1B5-95A8-4F62-B06A-8BA4641CC35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5324:*:*:*:*:*:*",
"matchCriteriaId": "F3C27B95-B5AB-4BBD-9701-85560CC020CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5325:*:*:*:*:*:*",
"matchCriteriaId": "7B46B8A8-2C90-44C8-A5C9-186593D0A556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5326:*:*:*:*:*:*",
"matchCriteriaId": "2CA0E58E-2535-422A-AF35-3EF017792570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5327:*:*:*:*:*:*",
"matchCriteriaId": "8CC89F07-DD8C-4DD9-BE80-D9DA689A4D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5328:*:*:*:*:*:*",
"matchCriteriaId": "AD53F8D8-34A0-46F0-9AC9-EF088B4C9AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5329:*:*:*:*:*:*",
"matchCriteriaId": "A9B6BA8A-8709-4E8E-A42E-85B0E99818E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5330:*:*:*:*:*:*",
"matchCriteriaId": "B0F00049-CA99-4A6B-B347-78768BF19DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5400:*:*:*:*:*:*",
"matchCriteriaId": "30A10B00-E8DD-445D-AFC3-DC7DAF42724F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5500:*:*:*:*:*:*",
"matchCriteriaId": "CBEEB6C7-764D-4012-9656-FC76F43A53EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5501:*:*:*:*:*:*",
"matchCriteriaId": "86F5057B-4DFA-43A0-B604-9CACEEE926E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5502:*:*:*:*:*:*",
"matchCriteriaId": "5EF382C0-392B-4DA9-AFA2-3CD933615E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5503:*:*:*:*:*:*",
"matchCriteriaId": "78019D71-4598-4095-AAF4-13DCD93F842F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5504:*:*:*:*:*:*",
"matchCriteriaId": "3C6F69D0-1595-42E9-B812-63C133965E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5505:*:*:*:*:*:*",
"matchCriteriaId": "30D743E2-FE10-43BB-9514-4581F33F2C34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5506:*:*:*:*:*:*",
"matchCriteriaId": "D4639A68-BAA3-4669-B2F1-AD381A25464D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5507:*:*:*:*:*:*",
"matchCriteriaId": "DF69BD50-A3B7-4C9C-83ED-088EBB977F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5508:*:*:*:*:*:*",
"matchCriteriaId": "0313F401-85DC-4DF0-AEAD-A8D6885902CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5509:*:*:*:*:*:*",
"matchCriteriaId": "924F6A44-0E30-46A9-990E-DA44AA61C012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5510:*:*:*:*:*:*",
"matchCriteriaId": "C514F02D-DB00-4B05-A53C-A13310FE9E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5511:*:*:*:*:*:*",
"matchCriteriaId": "D013876C-9433-4576-84B5-464649CC8199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5512:*:*:*:*:*:*",
"matchCriteriaId": "8DFA286F-0C4E-4C56-8FFB-15481594FE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5513:*:*:*:*:*:*",
"matchCriteriaId": "D86056BB-3CF4-4C8A-B685-1E88E25429F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5514:*:*:*:*:*:*",
"matchCriteriaId": "BDE0C598-57A7-4EEF-A98C-44B871955BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5515:*:*:*:*:*:*",
"matchCriteriaId": "C6F752FD-8B2C-4636-B7DD-343D2DEDE7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5516:*:*:*:*:*:*",
"matchCriteriaId": "B435C1CA-2DD6-4DC7-B7B1-9B232EA5CFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5517:*:*:*:*:*:*",
"matchCriteriaId": "48A77EA0-C382-4A81-9EE3-48F7AC8AFEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5518:*:*:*:*:*:*",
"matchCriteriaId": "48907141-7B99-4D1A-955D-7E98B46E5A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5519:*:*:*:*:*:*",
"matchCriteriaId": "C894A206-F09A-4D6A-9675-618CD8FEFD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5520:*:*:*:*:*:*",
"matchCriteriaId": "52028275-3CFA-4AB0-8013-018FF88C11B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5521:*:*:*:*:*:*",
"matchCriteriaId": "2864B47E-79C8-4FE4-97E5-3C85C926CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5600:*:*:*:*:*:*",
"matchCriteriaId": "627B72C4-8311-414D-AA55-EC5F71794F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5601:*:*:*:*:*:*",
"matchCriteriaId": "74839837-94FC-4A6F-8DE2-358A7AD28D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5602:*:*:*:*:*:*",
"matchCriteriaId": "66B9BB15-FA78-4C05-8670-610DD790FF75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5603:*:*:*:*:*:*",
"matchCriteriaId": "166217A8-C306-4C79-A33F-D45032F2D1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5604:*:*:*:*:*:*",
"matchCriteriaId": "EFC0E47A-8807-441D-BEFA-1E9A71EDA7C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5605:*:*:*:*:*:*",
"matchCriteriaId": "06395B41-9538-42FF-8ADB-E750F5C5B2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5606:*:*:*:*:*:*",
"matchCriteriaId": "0DF7379A-F56E-4A2D-8099-2C0E72B8ACA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*",
"matchCriteriaId": "FE8675BC-B0AA-4067-B079-FCAE97519B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus, en sus versiones 5.x antes del build 5701, tiene XEE (XML External Entity) mediante una licencia de producto subida."
}
],
"id": "CVE-2018-20664",
"lastModified": "2024-11-21T04:01:57.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-03T19:29:01.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#5701"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-23 20:15
Modified
2024-11-21 07:12
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC9667B-3ECE-4DF8-9C45-95E53736CD68",
"versionEndExcluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*",
"matchCriteriaId": "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*",
"matchCriteriaId": "B1E4E7ED-317B-471D-B387-24BFE504FD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*",
"matchCriteriaId": "1518C214-71A7-4C97-BA40-95D98E0C78BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*",
"matchCriteriaId": "247ED04D-E067-4A18-8514-9CD635DF4F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*",
"matchCriteriaId": "8AC2C862-7709-44BF-9D0C-1BD63B381001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*",
"matchCriteriaId": "1E936706-E1D6-496A-8395-96706AF32F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*",
"matchCriteriaId": "CA25E9BB-DDB9-438C-890A-61264C10BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*",
"matchCriteriaId": "D71FF123-F797-4E0D-8167-DD4563733879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*",
"matchCriteriaId": "1156F671-D6BD-4FA2-924F-1802F157A025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*",
"matchCriteriaId": "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*",
"matchCriteriaId": "E870D833-28A7-45E1-9A6B-26A33D66B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6211:*:*:*:*:*:*",
"matchCriteriaId": "D7E0ED07-E432-47FD-A2B5-6F591FF2A64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6212:*:*:*:*:*:*",
"matchCriteriaId": "73E7D08E-E2AA-48AE-ABFF-0E46026B47FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6213:*:*:*:*:*:*",
"matchCriteriaId": "430B78F8-F860-4911-9F7E-710386BF2166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6214:*:*:*:*:*:*",
"matchCriteriaId": "E926BB96-B0F6-4FC7-BACE-F658FA63F868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6215:*:*:*:*:*:*",
"matchCriteriaId": "F5DC4C8C-41C8-45B2-A077-FB325F80E22F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6216:*:*:*:*:*:*",
"matchCriteriaId": "FB581F7E-EF4C-4BFF-AA29-1875F0280BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6217:*:*:*:*:*:*",
"matchCriteriaId": "016F55FB-5F14-451F-9F93-479426146925",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications."
}
],
"id": "CVE-2022-36413",
"lastModified": "2024-11-21T07:12:57.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-23T20:15:14.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-36413.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-36413.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2025-05-30 16:15
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7161 | ||
| cve@mitre.org | https://www.excellium-services.com/cert-xlm-advisory | ||
| cve@mitre.org | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/ | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Patch, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.4 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*",
"matchCriteriaId": "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*",
"matchCriteriaId": "DAD07524-564F-4559-9F6D-EB8961380A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*",
"matchCriteriaId": "76480E2A-FD99-4902-99D3-847136451618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*",
"matchCriteriaId": "D117C2AE-B396-46AD-9421-23750F9D6CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*",
"matchCriteriaId": "6B9F5FCF-BECA-424C-86C8-4769797AEB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*",
"matchCriteriaId": "6A014DF4-0353-4117-927B-C7950D92EEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*",
"matchCriteriaId": "EC6163AF-1A41-4372-8D9B-985BB338B9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*",
"matchCriteriaId": "2387D138-C8F5-4DC1-A51E-629F9D96F4ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*",
"matchCriteriaId": "0504B6B8-AFA0-418E-AA86-057F4FD01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*",
"matchCriteriaId": "78CA1BE6-6ACF-42B4-B603-9764A8B81555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*",
"matchCriteriaId": "69866794-C599-49F7-8071-789DA3308AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*",
"matchCriteriaId": "850DCAC9-D98E-40C1-A748-88E257F09388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4523A4D2-1E40-4A14-81D7-820A2C81C90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*",
"matchCriteriaId": "F4C03D7C-0EEC-4C66-8705-F69909483048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "9431C11F-E153-4298-8A1B-2CDF677A1428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*",
"matchCriteriaId": "557B4FD6-B1BD-47B4-87B8-7096B99695B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF829-DA42-4C87-AB14-B03BD0AFB177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*",
"matchCriteriaId": "C74D8FDF-04B3-4B03-9110-27683E2329FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*",
"matchCriteriaId": "5C376A34-DC80-4080-9B53-37D954B6F00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4613CD78-8A7D-4382-9975-1BE698E6C2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "9F32937B-9B1D-495F-812A-BEBAF3C67540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*",
"matchCriteriaId": "5683B22F-54D1-4C53-8378-3500ADB4AD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "08147E4E-6064-44D6-AF7C-1EB584A7CD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "E0B110D0-A1BF-486B-A5C4-5927877C1258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*",
"matchCriteriaId": "1C52392E-72C9-4F74-AECE-B20C0259E37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*",
"matchCriteriaId": "38A4BE4A-B607-483E-AE79-8FF17BEF60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*",
"matchCriteriaId": "3B2ABFA6-4506-42F8-B458-9EB83C8312DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*",
"matchCriteriaId": "B19B98B7-85D3-4D44-9853-1CD69586BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*",
"matchCriteriaId": "2EFDF89F-54BE-4D72-B95D-12127D8B35A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*",
"matchCriteriaId": "E4DD32D9-A0CA-4434-A8CF-121942FDF152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*",
"matchCriteriaId": "F86FFDB3-B19E-438E-8E5C-6D4994A29B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*",
"matchCriteriaId": "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*",
"matchCriteriaId": "4921142A-2D9F-40BE-9640-44037667FB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*",
"matchCriteriaId": "0909BEDE-D384-4719-87C7-4748E70669D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*",
"matchCriteriaId": "43969BCD-92A9-4181-9BE7-9A370FF0EA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*",
"matchCriteriaId": "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*",
"matchCriteriaId": "190837F9-E545-4576-8660-76837BFBA127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*",
"matchCriteriaId": "6C379810-C027-4443-BA2F-C72A0AFE9074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*",
"matchCriteriaId": "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*",
"matchCriteriaId": "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*",
"matchCriteriaId": "6191E179-7D42-4D9A-AF78-B87DBC198B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*",
"matchCriteriaId": "01FC1A37-2AB7-4212-A93A-58021592FF67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*",
"matchCriteriaId": "96287289-2736-4197-B325-9D58EFDD6A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*",
"matchCriteriaId": "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*",
"matchCriteriaId": "E2437FCD-F77F-4103-914C-20C54C3E088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*",
"matchCriteriaId": "45F52278-27B0-431E-8FF0-E3A5F68D513D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*",
"matchCriteriaId": "E231C429-0C6D-4DA6-8D89-DB888493F741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*",
"matchCriteriaId": "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*",
"matchCriteriaId": "999D1D05-D8D7-445E-AAF7-B14769001928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*",
"matchCriteriaId": "CC29D099-13A7-48F5-8A8A-6A564B972D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*",
"matchCriteriaId": "AFAACD50-F964-48EB-8C71-856501FA5BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*",
"matchCriteriaId": "E52DD6D8-DCB5-470E-9F77-653552A5436B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*",
"matchCriteriaId": "1E41D887-5E33-4D94-9C9C-7385D7D777E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*",
"matchCriteriaId": "352966E5-E938-4FA4-A41B-2D95C0E233ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*",
"matchCriteriaId": "2C234A10-9D5A-4C47-92F1-82DA80F5B310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*",
"matchCriteriaId": "8E1516F7-D152-4D9C-92D3-4BD68D77475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*",
"matchCriteriaId": "BDDFB075-FA1B-47B9-B2EC-80228C20F042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*",
"matchCriteriaId": "9A55F076-4CED-4BFC-B87D-A2AE950F78CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*",
"matchCriteriaId": "50ACF821-D09A-40B9-95A6-BC8DED3460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*",
"matchCriteriaId": "E0949C30-651A-4646-B215-38AE86F719F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*",
"matchCriteriaId": "2DA8E108-49A7-4281-A938-ED1C1E4890B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*",
"matchCriteriaId": "3B631D21-372B-4B68-B467-F1A5616C5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*",
"matchCriteriaId": "26BC3F05-FC81-45E4-9D23-864C9B9FF47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*",
"matchCriteriaId": "1BBF87A7-2A53-418D-BB27-D55B10564894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*",
"matchCriteriaId": "9343B338-953B-4E7D-9CD2-00781FFE3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*",
"matchCriteriaId": "9966E015-590E-4CAD-AEE9-F06E1B34A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*",
"matchCriteriaId": "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*",
"matchCriteriaId": "04BB508C-91EA-43A3-B4AC-A7591801F387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "2B71FA9F-0FC4-4D12-B595-AC529878BC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "0979E79B-936C-4787-8E0A-9F7F43A8A748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "673E69A8-71BA-49EC-B1AE-931736C6BF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "141FB02E-695F-484E-8FF6-C334C11F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*",
"matchCriteriaId": "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*",
"matchCriteriaId": "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*",
"matchCriteriaId": "942DC320-20A3-4CBF-BF94-390A9163FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*",
"matchCriteriaId": "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*",
"matchCriteriaId": "600E4C41-B1E1-468D-BA1A-489D0CE5F565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*",
"matchCriteriaId": "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*",
"matchCriteriaId": "E41D8FA9-5D9D-4102-B117-40354F847403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*",
"matchCriteriaId": "8E620B19-0286-4723-91C4-848B6C453509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*",
"matchCriteriaId": "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*",
"matchCriteriaId": "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*",
"matchCriteriaId": "E7A0FC78-73CE-48CE-BD68-74C095F5B052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*",
"matchCriteriaId": "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*",
"matchCriteriaId": "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*",
"matchCriteriaId": "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*",
"matchCriteriaId": "BF029B3F-93BE-44D3-B8E8-65F18A4F6632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*",
"matchCriteriaId": "C054330B-8344-437B-893F-AD844BCA3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*",
"matchCriteriaId": "CA7A820D-17C3-4F20-B4C4-9068F9594786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*",
"matchCriteriaId": "DEA0897C-62CE-401A-B940-4CA47A0BDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*",
"matchCriteriaId": "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*",
"matchCriteriaId": "269B1711-8110-4177-8CF2-AD9F1D9E20AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*",
"matchCriteriaId": "39DFD696-3A7F-4003-9F87-458891B787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*",
"matchCriteriaId": "C15E39AA-79CE-48A7-9629-AC75EC444B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*",
"matchCriteriaId": "2592E246-7208-4CC5-8004-D2AEAB45380C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*",
"matchCriteriaId": "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*",
"matchCriteriaId": "41EB109A-9CF3-498C-93B2-07A31D3CB09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "59408AE1-F8C3-48A7-BF31-ABB4173E42D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Zoho ManageEngine ADSelfService Plus, en versiones 5.x hasta la Build 5704. Emplea claves de cifrado fijas para proteger la informaci\u00f3n, otorgando a un atacante la capacidad de descifrar cualquier dato protegido."
}
],
"id": "CVE-2019-7161",
"lastModified": "2025-05-30T16:15:24.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:10.780",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7161"
},
{
"source": "cve@mitre.org",
"url": "https://www.excellium-services.com/cert-xlm-advisory"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-20 03:15
Modified
2024-11-21 06:58
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6121:*:*:*:*:*:*",
"matchCriteriaId": "1DD9B2CF-8EBE-454D-8A81-873C0A8ACAA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus antes de la versi\u00f3n 6202 permite a los atacantes realizar una enumeraci\u00f3n de nombres de usuario a trav\u00e9s de una solicitud POST elaborada a /ServletAPI/accounts/login"
}
],
"id": "CVE-2022-28987",
"lastModified": "2024-11-21T06:58:17.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-20T03:15:07.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py"
},
{
"source": "cve@mitre.org",
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28987.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes | Vendor Advisory | |
| cve@mitre.org | https://raxis.com/blog/cve-2021-27956-manage-engine-xss | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://raxis.com/blog/cve-2021-27956-manage-engine-xss | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 | |
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6104, permite un ataque de tipo XSS almacenado en la p\u00e1gina de b\u00fasqueda de usuarios /webclient/index.html#/directory-search por medio del campo e-mail address"
}
],
"id": "CVE-2021-27956",
"lastModified": "2024-11-21T05:58:54.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T18:15:07.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://raxis.com/blog/cve-2021-27956-manage-engine-xss"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://raxis.com/blog/cve-2021-27956-manage-engine-xss"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 05:15
Modified
2024-11-21 08:08
Severity ?
Summary
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html | ||
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-891 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-23-891 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6122:*:*:*:*:*:*",
"matchCriteriaId": "D3EFB734-E7F3-482E-9A64-DD1A0A6B1E5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009."
},
{
"lang": "es",
"value": "ManageEngine ADSelfService Plus GINA Client Verificaci\u00f3n insuficiente de autenticidad de datos Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Esta vulnerabilidad permite a atacantes f\u00edsicamente presentes ejecutar c\u00f3digo arbitrario en instalaciones afectadas de ManageEngine ADSelfService Plus. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe en el Portal de restablecimiento de contrase\u00f1a utilizado por el cliente GINA. El problema se debe a la falta de autenticaci\u00f3n adecuada de los datos recibidos a trav\u00e9s de HTTP. Un atacante puede aprovechar esta vulnerabilidad para eludir la autenticaci\u00f3n y ejecutar c\u00f3digo en el contexto de SYSTEM. Era ZDI-CAN-17009."
}
],
"id": "CVE-2023-35719",
"lastModified": "2024-11-21T08:08:34.217",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T05:15:42.437",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"url": "https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-891"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-18 22:15
Modified
2024-11-21 04:33
Severity ?
Summary
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.4 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*",
"matchCriteriaId": "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*",
"matchCriteriaId": "DAD07524-564F-4559-9F6D-EB8961380A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*",
"matchCriteriaId": "76480E2A-FD99-4902-99D3-847136451618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*",
"matchCriteriaId": "D117C2AE-B396-46AD-9421-23750F9D6CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*",
"matchCriteriaId": "6B9F5FCF-BECA-424C-86C8-4769797AEB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*",
"matchCriteriaId": "6A014DF4-0353-4117-927B-C7950D92EEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*",
"matchCriteriaId": "EC6163AF-1A41-4372-8D9B-985BB338B9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*",
"matchCriteriaId": "2387D138-C8F5-4DC1-A51E-629F9D96F4ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*",
"matchCriteriaId": "0504B6B8-AFA0-418E-AA86-057F4FD01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*",
"matchCriteriaId": "78CA1BE6-6ACF-42B4-B603-9764A8B81555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*",
"matchCriteriaId": "69866794-C599-49F7-8071-789DA3308AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*",
"matchCriteriaId": "850DCAC9-D98E-40C1-A748-88E257F09388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4523A4D2-1E40-4A14-81D7-820A2C81C90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*",
"matchCriteriaId": "F4C03D7C-0EEC-4C66-8705-F69909483048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "9431C11F-E153-4298-8A1B-2CDF677A1428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*",
"matchCriteriaId": "557B4FD6-B1BD-47B4-87B8-7096B99695B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF829-DA42-4C87-AB14-B03BD0AFB177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*",
"matchCriteriaId": "C74D8FDF-04B3-4B03-9110-27683E2329FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*",
"matchCriteriaId": "5C376A34-DC80-4080-9B53-37D954B6F00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4613CD78-8A7D-4382-9975-1BE698E6C2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "9F32937B-9B1D-495F-812A-BEBAF3C67540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*",
"matchCriteriaId": "5683B22F-54D1-4C53-8378-3500ADB4AD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "08147E4E-6064-44D6-AF7C-1EB584A7CD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "E0B110D0-A1BF-486B-A5C4-5927877C1258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*",
"matchCriteriaId": "1C52392E-72C9-4F74-AECE-B20C0259E37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*",
"matchCriteriaId": "38A4BE4A-B607-483E-AE79-8FF17BEF60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*",
"matchCriteriaId": "3B2ABFA6-4506-42F8-B458-9EB83C8312DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*",
"matchCriteriaId": "B19B98B7-85D3-4D44-9853-1CD69586BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5116:*:*:*:*:*:*",
"matchCriteriaId": "8A012C70-3CD6-46C7-AEE7-9D5763C5AC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*",
"matchCriteriaId": "2EFDF89F-54BE-4D72-B95D-12127D8B35A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*",
"matchCriteriaId": "E4DD32D9-A0CA-4434-A8CF-121942FDF152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*",
"matchCriteriaId": "F86FFDB3-B19E-438E-8E5C-6D4994A29B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*",
"matchCriteriaId": "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*",
"matchCriteriaId": "4921142A-2D9F-40BE-9640-44037667FB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*",
"matchCriteriaId": "0909BEDE-D384-4719-87C7-4748E70669D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*",
"matchCriteriaId": "43969BCD-92A9-4181-9BE7-9A370FF0EA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*",
"matchCriteriaId": "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*",
"matchCriteriaId": "190837F9-E545-4576-8660-76837BFBA127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*",
"matchCriteriaId": "6C379810-C027-4443-BA2F-C72A0AFE9074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*",
"matchCriteriaId": "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*",
"matchCriteriaId": "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*",
"matchCriteriaId": "6191E179-7D42-4D9A-AF78-B87DBC198B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*",
"matchCriteriaId": "01FC1A37-2AB7-4212-A93A-58021592FF67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*",
"matchCriteriaId": "96287289-2736-4197-B325-9D58EFDD6A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*",
"matchCriteriaId": "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*",
"matchCriteriaId": "E2437FCD-F77F-4103-914C-20C54C3E088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*",
"matchCriteriaId": "45F52278-27B0-431E-8FF0-E3A5F68D513D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*",
"matchCriteriaId": "E231C429-0C6D-4DA6-8D89-DB888493F741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*",
"matchCriteriaId": "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*",
"matchCriteriaId": "999D1D05-D8D7-445E-AAF7-B14769001928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*",
"matchCriteriaId": "CC29D099-13A7-48F5-8A8A-6A564B972D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*",
"matchCriteriaId": "AFAACD50-F964-48EB-8C71-856501FA5BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*",
"matchCriteriaId": "E52DD6D8-DCB5-470E-9F77-653552A5436B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*",
"matchCriteriaId": "1E41D887-5E33-4D94-9C9C-7385D7D777E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*",
"matchCriteriaId": "352966E5-E938-4FA4-A41B-2D95C0E233ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*",
"matchCriteriaId": "2C234A10-9D5A-4C47-92F1-82DA80F5B310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*",
"matchCriteriaId": "8E1516F7-D152-4D9C-92D3-4BD68D77475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*",
"matchCriteriaId": "BDDFB075-FA1B-47B9-B2EC-80228C20F042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*",
"matchCriteriaId": "9A55F076-4CED-4BFC-B87D-A2AE950F78CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*",
"matchCriteriaId": "50ACF821-D09A-40B9-95A6-BC8DED3460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*",
"matchCriteriaId": "E0949C30-651A-4646-B215-38AE86F719F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*",
"matchCriteriaId": "2DA8E108-49A7-4281-A938-ED1C1E4890B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*",
"matchCriteriaId": "3B631D21-372B-4B68-B467-F1A5616C5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*",
"matchCriteriaId": "26BC3F05-FC81-45E4-9D23-864C9B9FF47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*",
"matchCriteriaId": "1BBF87A7-2A53-418D-BB27-D55B10564894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*",
"matchCriteriaId": "9343B338-953B-4E7D-9CD2-00781FFE3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*",
"matchCriteriaId": "9966E015-590E-4CAD-AEE9-F06E1B34A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*",
"matchCriteriaId": "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*",
"matchCriteriaId": "04BB508C-91EA-43A3-B4AC-A7591801F387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "2B71FA9F-0FC4-4D12-B595-AC529878BC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "0979E79B-936C-4787-8E0A-9F7F43A8A748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "673E69A8-71BA-49EC-B1AE-931736C6BF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "141FB02E-695F-484E-8FF6-C334C11F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*",
"matchCriteriaId": "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*",
"matchCriteriaId": "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*",
"matchCriteriaId": "942DC320-20A3-4CBF-BF94-390A9163FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*",
"matchCriteriaId": "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*",
"matchCriteriaId": "600E4C41-B1E1-468D-BA1A-489D0CE5F565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*",
"matchCriteriaId": "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*",
"matchCriteriaId": "E41D8FA9-5D9D-4102-B117-40354F847403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*",
"matchCriteriaId": "8E620B19-0286-4723-91C4-848B6C453509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*",
"matchCriteriaId": "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*",
"matchCriteriaId": "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*",
"matchCriteriaId": "E7A0FC78-73CE-48CE-BD68-74C095F5B052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*",
"matchCriteriaId": "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*",
"matchCriteriaId": "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*",
"matchCriteriaId": "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*",
"matchCriteriaId": "BF029B3F-93BE-44D3-B8E8-65F18A4F6632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*",
"matchCriteriaId": "C054330B-8344-437B-893F-AD844BCA3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*",
"matchCriteriaId": "CA7A820D-17C3-4F20-B4C4-9068F9594786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*",
"matchCriteriaId": "DEA0897C-62CE-401A-B940-4CA47A0BDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*",
"matchCriteriaId": "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*",
"matchCriteriaId": "269B1711-8110-4177-8CF2-AD9F1D9E20AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*",
"matchCriteriaId": "39DFD696-3A7F-4003-9F87-458891B787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*",
"matchCriteriaId": "C15E39AA-79CE-48A7-9629-AC75EC444B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*",
"matchCriteriaId": "2592E246-7208-4CC5-8004-D2AEAB45380C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*",
"matchCriteriaId": "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*",
"matchCriteriaId": "41EB109A-9CF3-498C-93B2-07A31D3CB09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "76008ABA-2A6F-4EF9-B9F4-3CA996C1C5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "7C9E0FFE-2C4E-4157-B6CB-D547DE62E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "B8115A1F-DFFA-4C7D-90A7-1C7585FA1F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "59408AE1-F8C3-48A7-BF31-ABB4173E42D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "0DB0AFE4-2631-4A5E-BC08-1CF733FD7457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "82FD8A24-2D01-4D2A-ADDE-51EBCC189332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "3CDD178D-9CE8-4FC9-8388-BB89DC949924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "4F3F2942-54CE-41A9-909B-8D5CE515A7FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "996B4FAB-C1FA-42D9-BAB2-EC4CD2394D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*",
"matchCriteriaId": "20D1E7EE-8977-4010-AF5D-843A44853363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*",
"matchCriteriaId": "A217F6ED-BC7F-46B7-9D43-D75A3D416322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*",
"matchCriteriaId": "562397B8-DF54-4585-81B4-3F89816CC8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*",
"matchCriteriaId": "319E6B84-4D6C-45D2-BF5A-8461202C4463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*",
"matchCriteriaId": "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*",
"matchCriteriaId": "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*",
"matchCriteriaId": "94E70435-5332-48F3-9602-FCA1EFB617BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*",
"matchCriteriaId": "AC040DA3-91BB-41CD-ADE3-D2AA0537516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*",
"matchCriteriaId": "8E71EE09-F2D6-4981-A962-14DAC49A9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*",
"matchCriteriaId": "4709685D-CCF0-4444-99B8-4DC6E3D53A62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de redireccionamiento abierto en Zoho ManageEngine ADSelfService Plus versiones 5.x anteriores a 5809, lo que permite a atacantes obligar a usuarios que hacen clic en un enlace dise\u00f1ado a ser enviados a un sitio externo espec\u00edfico."
}
],
"id": "CVE-2019-18781",
"lastModified": "2024-11-21T04:33:33.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-18T22:15:13.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-26 18:29
Modified
2024-11-21 04:01
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html | ||
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 4.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.0 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.1 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.2 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.3 | |
| zohocorp | manageengine_adselfservice_plus | 5.4 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.6 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "ADB66864-2B10-4693-89C5-F13AADCAF0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "36A2372E-DD10-455D-90C9-C8B5EBA52D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "212A1978-367C-417E-B887-6C957B76578C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522:*:*:*:*:*:*",
"matchCriteriaId": "1261129B-F0FD-4849-A8D9-9CBD99910FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531:*:*:*:*:*:*",
"matchCriteriaId": "087A729A-A175-4CE5-AF87-510E51125C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540:*:*:*:*:*:*",
"matchCriteriaId": "EFBB3F80-C322-4015-897D-12736CED3077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543:*:*:*:*:*:*",
"matchCriteriaId": "B3D55605-AD61-4D63-BCA9-CAD95020813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544:*:*:*:*:*:*",
"matchCriteriaId": "327F7E10-4704-46D9-A82A-8E799181D0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550:*:*:*:*:*:*",
"matchCriteriaId": "F515AB67-A302-4A95-BC99-F7F26BA67B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560:*:*:*:*:*:*",
"matchCriteriaId": "97E1E2BD-1AE1-4128-84B3-80A5F8D74A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570:*:*:*:*:*:*",
"matchCriteriaId": "C8D9FAD8-419D-4489-AAF7-96953CDB595B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571:*:*:*:*:*:*",
"matchCriteriaId": "04373F72-E36E-4EFD-8215-C6CF44464DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572:*:*:*:*:*:*",
"matchCriteriaId": "126040DD-08A6-45B4-8A41-E47DAF8716FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580:*:*:*:*:*:*",
"matchCriteriaId": "595F8E5F-068B-4526-A76F-D40EADC56135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590:*:*:*:*:*:*",
"matchCriteriaId": "C8608BDC-21B0-4C4C-9C1E-540FDCA13671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591:*:*:*:*:*:*",
"matchCriteriaId": "3AA24300-1217-4DFA-8247-CF1B83B47C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592:*:*:*:*:*:*",
"matchCriteriaId": "AE175D32-95D7-451F-88C0-492B4C827CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*",
"matchCriteriaId": "9B826420-BD33-4C0F-A0C8-E614AFA0AE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*",
"matchCriteriaId": "DAD07524-564F-4559-9F6D-EB8961380A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*",
"matchCriteriaId": "76480E2A-FD99-4902-99D3-847136451618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*",
"matchCriteriaId": "D117C2AE-B396-46AD-9421-23750F9D6CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*",
"matchCriteriaId": "6B9F5FCF-BECA-424C-86C8-4769797AEB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*",
"matchCriteriaId": "6A014DF4-0353-4117-927B-C7950D92EEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*",
"matchCriteriaId": "EC6163AF-1A41-4372-8D9B-985BB338B9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*",
"matchCriteriaId": "2387D138-C8F5-4DC1-A51E-629F9D96F4ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*",
"matchCriteriaId": "0504B6B8-AFA0-418E-AA86-057F4FD01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*",
"matchCriteriaId": "78CA1BE6-6ACF-42B4-B603-9764A8B81555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*",
"matchCriteriaId": "69866794-C599-49F7-8071-789DA3308AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*",
"matchCriteriaId": "850DCAC9-D98E-40C1-A748-88E257F09388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4523A4D2-1E40-4A14-81D7-820A2C81C90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*",
"matchCriteriaId": "F4C03D7C-0EEC-4C66-8705-F69909483048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "9431C11F-E153-4298-8A1B-2CDF677A1428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*",
"matchCriteriaId": "557B4FD6-B1BD-47B4-87B8-7096B99695B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF829-DA42-4C87-AB14-B03BD0AFB177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*",
"matchCriteriaId": "C74D8FDF-04B3-4B03-9110-27683E2329FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*",
"matchCriteriaId": "5C376A34-DC80-4080-9B53-37D954B6F00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4613CD78-8A7D-4382-9975-1BE698E6C2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "9F32937B-9B1D-495F-812A-BEBAF3C67540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*",
"matchCriteriaId": "5683B22F-54D1-4C53-8378-3500ADB4AD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "08147E4E-6064-44D6-AF7C-1EB584A7CD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "E0B110D0-A1BF-486B-A5C4-5927877C1258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*",
"matchCriteriaId": "1C52392E-72C9-4F74-AECE-B20C0259E37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*",
"matchCriteriaId": "38A4BE4A-B607-483E-AE79-8FF17BEF60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*",
"matchCriteriaId": "3B2ABFA6-4506-42F8-B458-9EB83C8312DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*",
"matchCriteriaId": "B19B98B7-85D3-4D44-9853-1CD69586BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*",
"matchCriteriaId": "2EFDF89F-54BE-4D72-B95D-12127D8B35A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*",
"matchCriteriaId": "E4DD32D9-A0CA-4434-A8CF-121942FDF152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*",
"matchCriteriaId": "F86FFDB3-B19E-438E-8E5C-6D4994A29B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*",
"matchCriteriaId": "EB4C9B9E-2D26-4850-BAC4-7ABD3C8AE8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*",
"matchCriteriaId": "4921142A-2D9F-40BE-9640-44037667FB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*",
"matchCriteriaId": "0909BEDE-D384-4719-87C7-4748E70669D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*",
"matchCriteriaId": "43969BCD-92A9-4181-9BE7-9A370FF0EA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*",
"matchCriteriaId": "B8C20F0D-43FD-4313-89DF-F2BCA271C1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*",
"matchCriteriaId": "190837F9-E545-4576-8660-76837BFBA127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*",
"matchCriteriaId": "6C379810-C027-4443-BA2F-C72A0AFE9074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*",
"matchCriteriaId": "BCF031DE-E118-4DF5-9699-6F14B7B3C6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*",
"matchCriteriaId": "970C0BA4-6CA9-4304-BAC0-68B2403DCD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*",
"matchCriteriaId": "6191E179-7D42-4D9A-AF78-B87DBC198B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*",
"matchCriteriaId": "01FC1A37-2AB7-4212-A93A-58021592FF67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*",
"matchCriteriaId": "96287289-2736-4197-B325-9D58EFDD6A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*",
"matchCriteriaId": "3BCC8D28-C586-4E55-B7CD-A7116F5F65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*",
"matchCriteriaId": "E2437FCD-F77F-4103-914C-20C54C3E088A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*",
"matchCriteriaId": "45F52278-27B0-431E-8FF0-E3A5F68D513D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*",
"matchCriteriaId": "E231C429-0C6D-4DA6-8D89-DB888493F741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*",
"matchCriteriaId": "F7C72CCF-41A6-423D-AB08-DF6FA53E4F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*",
"matchCriteriaId": "999D1D05-D8D7-445E-AAF7-B14769001928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*",
"matchCriteriaId": "CC29D099-13A7-48F5-8A8A-6A564B972D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*",
"matchCriteriaId": "AFAACD50-F964-48EB-8C71-856501FA5BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*",
"matchCriteriaId": "E52DD6D8-DCB5-470E-9F77-653552A5436B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*",
"matchCriteriaId": "1E41D887-5E33-4D94-9C9C-7385D7D777E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*",
"matchCriteriaId": "352966E5-E938-4FA4-A41B-2D95C0E233ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*",
"matchCriteriaId": "2C234A10-9D5A-4C47-92F1-82DA80F5B310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*",
"matchCriteriaId": "8E1516F7-D152-4D9C-92D3-4BD68D77475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*",
"matchCriteriaId": "BDDFB075-FA1B-47B9-B2EC-80228C20F042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*",
"matchCriteriaId": "9A55F076-4CED-4BFC-B87D-A2AE950F78CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*",
"matchCriteriaId": "50ACF821-D09A-40B9-95A6-BC8DED3460D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*",
"matchCriteriaId": "E0949C30-651A-4646-B215-38AE86F719F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*",
"matchCriteriaId": "2DA8E108-49A7-4281-A938-ED1C1E4890B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*",
"matchCriteriaId": "3B631D21-372B-4B68-B467-F1A5616C5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*",
"matchCriteriaId": "26BC3F05-FC81-45E4-9D23-864C9B9FF47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*",
"matchCriteriaId": "1BBF87A7-2A53-418D-BB27-D55B10564894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*",
"matchCriteriaId": "9343B338-953B-4E7D-9CD2-00781FFE3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*",
"matchCriteriaId": "9966E015-590E-4CAD-AEE9-F06E1B34A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*",
"matchCriteriaId": "F3CD27A7-D7B8-4E7E-9F61-F5BCDC0DD007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*",
"matchCriteriaId": "04BB508C-91EA-43A3-B4AC-A7591801F387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "2B71FA9F-0FC4-4D12-B595-AC529878BC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E9B5A2E3-4F3D-48CC-A2F0-65B9AD2530F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "0979E79B-936C-4787-8E0A-9F7F43A8A748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "673E69A8-71BA-49EC-B1AE-931736C6BF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "141FB02E-695F-484E-8FF6-C334C11F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*",
"matchCriteriaId": "C3CF5C1A-6C97-47BA-BF7E-977E3C938DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*",
"matchCriteriaId": "79BEA328-C2CB-4CFA-8CF8-C8B70A37DF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*",
"matchCriteriaId": "942DC320-20A3-4CBF-BF94-390A9163FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*",
"matchCriteriaId": "A42F5F45-4BF6-4076-AC36-F3EDDAC665A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*",
"matchCriteriaId": "600E4C41-B1E1-468D-BA1A-489D0CE5F565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*",
"matchCriteriaId": "CE3BE5B8-37E1-4BB9-A59E-9F3F36BABDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*",
"matchCriteriaId": "E41D8FA9-5D9D-4102-B117-40354F847403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*",
"matchCriteriaId": "8E620B19-0286-4723-91C4-848B6C453509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*",
"matchCriteriaId": "9274C66F-E6AA-4ABD-BF52-3BCCA75821EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*",
"matchCriteriaId": "C7D6AFFF-645C-42D0-ADC9-9D4852B0E5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*",
"matchCriteriaId": "E7A0FC78-73CE-48CE-BD68-74C095F5B052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*",
"matchCriteriaId": "74D85A59-40DE-4DF6-8F41-53BC9EF56DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*",
"matchCriteriaId": "88B2C298-9BB4-4E2E-A1BF-6A4688248FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*",
"matchCriteriaId": "0F5AB70E-BAD0-4C09-9328-89EF049E5C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*",
"matchCriteriaId": "BF029B3F-93BE-44D3-B8E8-65F18A4F6632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*",
"matchCriteriaId": "C054330B-8344-437B-893F-AD844BCA3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*",
"matchCriteriaId": "CA7A820D-17C3-4F20-B4C4-9068F9594786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*",
"matchCriteriaId": "DEA0897C-62CE-401A-B940-4CA47A0BDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*",
"matchCriteriaId": "63F66EA4-1DF6-4EE8-A42C-86D32B82F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*",
"matchCriteriaId": "269B1711-8110-4177-8CF2-AD9F1D9E20AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*",
"matchCriteriaId": "39DFD696-3A7F-4003-9F87-458891B787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*",
"matchCriteriaId": "C15E39AA-79CE-48A7-9629-AC75EC444B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*",
"matchCriteriaId": "2592E246-7208-4CC5-8004-D2AEAB45380C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*",
"matchCriteriaId": "967CA03D-EB7F-4FA7-8FDA-42EEBA2EF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*",
"matchCriteriaId": "41EB109A-9CF3-498C-93B2-07A31D3CB09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "73FB7AA8-4BA9-49D4-A950-C33FA4C59CD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature."
},
{
"lang": "es",
"value": "Zoho ManageEngine OpManager 5.7 antes de la build 5702 tiene Cross-Site Scripting (XSS) mediante la caracter\u00edstica de b\u00fasqueda de empleados."
}
],
"id": "CVE-2018-20485",
"lastModified": "2024-11-21T04:01:34.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-26T18:29:00.577",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 05:16
Severity ?
Summary
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5 | ||
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020 | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020 | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1 | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020 | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/data-security/release-notes.html | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/eventlog/features-new.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/data-security/release-notes.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/eventlog/features-new.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_exchange_reporter_plus | * | |
| zohocorp | manageengine_exchange_reporter_plus | 5.5 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.5 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.5 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.5 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.5 | |
| zohocorp | manageengine_ad360 | * | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_datasecurity_plus | * | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_recovermanager_plus | * | |
| zohocorp | manageengine_recovermanager_plus | 6.0 | |
| zohocorp | manageengine_recovermanager_plus | 6.0 | |
| zohocorp | manageengine_recovermanager_plus | 6.0 | |
| zohocorp | manageengine_recovermanager_plus | 6.0 | |
| zohocorp | manageengine_recovermanager_plus | 6.0 | |
| zohocorp | manageengine_eventlog_analyzer | * | |
| zohocorp | manageengine_eventlog_analyzer | 12.1.3 | |
| zohocorp | manageengine_eventlog_analyzer | 12.1.3 | |
| zohocorp | manageengine_adaudit_plus | * | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_o365_manager_plus | * | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_cloud_security_plus | * | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_log360 | * | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7380E0EF-684C-487E-B343-672248D8642E",
"versionEndIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "09718DA2-31D3-4CC3-B95D-6A8BE6233700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*",
"matchCriteriaId": "A217F6ED-BC7F-46B7-9D43-D75A3D416322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*",
"matchCriteriaId": "562397B8-DF54-4585-81B4-3F89816CC8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*",
"matchCriteriaId": "319E6B84-4D6C-45D2-BF5A-8461202C4463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*",
"matchCriteriaId": "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*",
"matchCriteriaId": "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*",
"matchCriteriaId": "94E70435-5332-48F3-9602-FCA1EFB617BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*",
"matchCriteriaId": "AC040DA3-91BB-41CD-ADE3-D2AA0537516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*",
"matchCriteriaId": "8E71EE09-F2D6-4981-A962-14DAC49A9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*",
"matchCriteriaId": "4709685D-CCF0-4444-99B8-4DC6E3D53A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*",
"matchCriteriaId": "13599F95-25B2-4C21-8174-DA966A49249B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*",
"matchCriteriaId": "D2CB6693-492A-4607-9D9C-15C746E12864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*",
"matchCriteriaId": "35238419-A73A-4333-9F3D-481FAA1D167C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*",
"matchCriteriaId": "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*",
"matchCriteriaId": "4E0B4F11-A1E8-4D21-9707-8639A3040840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*",
"matchCriteriaId": "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*",
"matchCriteriaId": "7F229F49-EA44-4D0A-855B-FC586CE8CFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*",
"matchCriteriaId": "07AED2F0-F527-4B4A-82FC-F571899F3738",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB7B1B9-633E-4866-B236-94888342ACD1",
"versionEndIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "1A55E1C9-DCFE-49E7-A9A3-E3A5ECBEE4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E8C30A5E-33C7-4EB3-9FB4-D5AECD9A5C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "B7085438-77E4-4B12-A885-F2294CF9B318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "7821DCD0-30DB-4520-B174-0E51CB07E12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "4666EEFD-5F91-4F1D-BB15-736A984ABA27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCCD7A9D-B1BC-4CE8-9E5D-8795674BB1AA",
"versionEndIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4200:*:*:*:*:*:*",
"matchCriteriaId": "14116D8A-9798-4EF2-9652-286D4CBDAADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4201:*:*:*:*:*:*",
"matchCriteriaId": "DAC56F69-9894-4236-9E4E-412403204E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4202:*:*:*:*:*:*",
"matchCriteriaId": "6B180386-1930-4EC2-9AF8-21F375E74BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4203:*:*:*:*:*:*",
"matchCriteriaId": "91787EC1-3053-4784-B985-FC09F368CB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4204:*:*:*:*:*:*",
"matchCriteriaId": "B270FDB7-A2E2-4D77-9E68-17E57ED41B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4205:*:*:*:*:*:*",
"matchCriteriaId": "06621A53-3A32-4691-A02A-417A9DBCB9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4206:*:*:*:*:*:*",
"matchCriteriaId": "E32D414E-ADEB-4FE3-8114-815A744DBF76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4207:*:*:*:*:*:*",
"matchCriteriaId": "E2A124B0-CAC1-4D17-98FF-DF479F404283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4208:*:*:*:*:*:*",
"matchCriteriaId": "BED5824C-9A62-4A9E-A440-3368D709674B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4209:*:*:*:*:*:*",
"matchCriteriaId": "F36F3D07-F9E3-4CF1-8BD3-73F58B18D35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4210:*:*:*:*:*:*",
"matchCriteriaId": "357AB232-A834-4899-950D-53E0690726A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4212:*:*:*:*:*:*",
"matchCriteriaId": "680C0265-E4DF-4275-8B0C-EBD9E7B5B798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4213:*:*:*:*:*:*",
"matchCriteriaId": "27CA1268-5D13-445A-985B-AE8F5494F61C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4214:*:*:*:*:*:*",
"matchCriteriaId": "2112361C-8F57-40E6-B665-FA8D585FA933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4215:*:*:*:*:*:*",
"matchCriteriaId": "A4E777D1-9414-439C-9309-7C89192905A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4216:*:*:*:*:*:*",
"matchCriteriaId": "FDCD0C9A-0287-4BAA-97C1-CCA96212A8A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4217:*:*:*:*:*:*",
"matchCriteriaId": "27D917BB-D64D-4E16-B5E2-485EE127A310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4219:*:*:*:*:*:*",
"matchCriteriaId": "CD0D83CD-3F8B-41A5-8110-2207FC202529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4220:*:*:*:*:*:*",
"matchCriteriaId": "E7569882-9E12-4ED8-9F54-AC1F0C9EC50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4222:*:*:*:*:*:*",
"matchCriteriaId": "F15A754D-A668-42C8-9E37-7A3364BE129B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4223:*:*:*:*:*:*",
"matchCriteriaId": "086FDB61-78D3-4540-B2AC-42DF1D41ABA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4224:*:*:*:*:*:*",
"matchCriteriaId": "6F9285FB-23E4-438E-8081-D0589A8727C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4225:*:*:*:*:*:*",
"matchCriteriaId": "A4E0D81C-36B3-4638-BB0E-18023D13DA97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4227:*:*:*:*:*:*",
"matchCriteriaId": "5B1F3742-3B1A-43DC-8CD7-547A4EB436E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3ADF4BC-41C3-483D-A24F-52F5D8D90E02",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "D88BAE7C-AE20-4B66-8380-93CFF7E716F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "A2EA6313-C2FC-45B5-92E6-4239B4E41E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "B6BAA7AF-E61E-40FB-ADA5-CDC51508A848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "9F96ED00-5DBE-4909-90DF-F4CDB4946ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6010:*:*:*:*:*:*",
"matchCriteriaId": "4CCFDC58-067A-420F-924B-9BFC342411D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6011:*:*:*:*:*:*",
"matchCriteriaId": "3C532BCE-429E-403D-9D44-9E3B8FD35C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6012:*:*:*:*:*:*",
"matchCriteriaId": "7286F2C9-FB52-4524-8293-81B36E9E8534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6013:*:*:*:*:*:*",
"matchCriteriaId": "E70A8EC5-1046-42E8-99DC-D564B66BA987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6020:*:*:*:*:*:*",
"matchCriteriaId": "A6BF11B6-4616-49DC-B7D0-0165691D7ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6021:*:*:*:*:*:*",
"matchCriteriaId": "32FCBB8F-35F2-4A3C-8F04-39AEAAB76BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6030:*:*:*:*:*:*",
"matchCriteriaId": "75F07512-4B8D-492C-A59A-E2E75713241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6031:*:*:*:*:*:*",
"matchCriteriaId": "1750C0CC-B017-44DF-95F2-628125E416FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6032:*:*:*:*:*:*",
"matchCriteriaId": "B0D5FC87-6BD7-4056-8879-7BAF28BB69C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19FFF0-464F-4BAA-BD8F-5A8296EAC724",
"versionEndIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "58739BDC-8741-4904-96C4-5E075FF87676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "69C40DE9-1849-437B-8C48-BB5ACD104CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6005:*:*:*:*:*:*",
"matchCriteriaId": "5792AAA4-6E32-48F6-BAF9-91AE9CE468D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6011:*:*:*:*:*:*",
"matchCriteriaId": "BB623771-BA56-4684-85E1-941A5EF0624A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6016:*:*:*:*:*:*",
"matchCriteriaId": "9CCF0FA4-0326-405B-94F2-513E0FAA6FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "789DE939-8305-4684-B19C-29F5A26E25A6",
"versionEndIncluding": "12.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12130:*:*:*:*:*:*",
"matchCriteriaId": "04E5575C-A204-4A46-ACDB-7A2837B2A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12135:*:*:*:*:*:*",
"matchCriteriaId": "22C76170-BE8E-40D7-9AA0-349EBB9DC718",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "350B9823-6421-4817-A9BA-B138918ADEDB",
"versionEndIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "053FB8DD-94D7-438A-8802-8ECF8B79FCA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "616D32A3-B19A-4C05-BF43-4AEB7573BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "28FF33D3-81DE-4849-8EA9-4C396D775892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "A6BE7AA0-F201-4F29-BE11-983CAE5BE103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6010:*:*:*:*:*:*",
"matchCriteriaId": "64339FF6-3563-41B2-8B61-A9DF076069C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6030:*:*:*:*:*:*",
"matchCriteriaId": "AD025538-8C73-4648-9C77-25E49FF77A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6031:*:*:*:*:*:*",
"matchCriteriaId": "FB3C81C0-1234-4CAA-8FB1-833FB2EF4872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6032:*:*:*:*:*:*",
"matchCriteriaId": "A5E6D12F-C642-4001-A838-65DDA3F94D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6033:*:*:*:*:*:*",
"matchCriteriaId": "32435B99-81DD-4AEC-ABBF-DEAFAB00CC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6050:*:*:*:*:*:*",
"matchCriteriaId": "37CDC611-B94C-483C-9C4C-5BCFA6CAB7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6052:*:*:*:*:*:*",
"matchCriteriaId": "A75E3D4D-5596-4E93-8541-F183AF105231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45EEAE93-0898-4FD8-9A31-FE2D5AAD3E79",
"versionEndIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1312ABF3-93FA-46E7-BF3C-61B1A0E7BA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4301:*:*:*:*:*:*",
"matchCriteriaId": "6912B88D-23D4-4E1E-98B8-60A60314A516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "7392FEE2-8102-4125-8927-4356732ED167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "0A9867BA-BAD0-482E-AC6B-CFDC9BF19AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "B20578E3-8995-4062-9FBF-85B76945B6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "96471B59-E195-4FF4-A36C-C4248F970817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "DAD74918-D60A-427A-B46B-979F3D0870A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "91731443-F449-457A-B8BD-017726596714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "C923DAAE-1C60-4A50-800D-422098A143FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4310:*:*:*:*:*:*",
"matchCriteriaId": "F820E8A0-981A-4C68-AFBF-D263B627F4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4311:*:*:*:*:*:*",
"matchCriteriaId": "84F1A956-19D1-47D3-AEF4-0117A25A1DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4312:*:*:*:*:*:*",
"matchCriteriaId": "2AE25043-4F64-4B5E-8B9F-B0793FE4834F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4316:*:*:*:*:*:*",
"matchCriteriaId": "2D5849AA-9DD2-4836-9F78-0CFB917A8398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4317:*:*:*:*:*:*",
"matchCriteriaId": "777FFDDC-EA8A-45C5-963A-8982C7FA9D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4318:*:*:*:*:*:*",
"matchCriteriaId": "61658169-04C4-45A5-B6F9-31EABDFC7026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4319:*:*:*:*:*:*",
"matchCriteriaId": "0439F4CA-5831-444F-9403-91B08D55CE37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4320:*:*:*:*:*:*",
"matchCriteriaId": "CCE01DB3-1C25-4A0A-86A2-48052A01F21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4321:*:*:*:*:*:*",
"matchCriteriaId": "20CF3B2A-E1DA-472C-9E5B-7729F5A9B72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4322:*:*:*:*:*:*",
"matchCriteriaId": "EF5CADAA-EE4B-45FE-8B31-910EB2F9A457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4324:*:*:*:*:*:*",
"matchCriteriaId": "317936F9-5856-4C05-96B0-06B286002C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4325:*:*:*:*:*:*",
"matchCriteriaId": "7A6A9E35-0AE0-41EC-95BD-6DA045B670C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4327:*:*:*:*:*:*",
"matchCriteriaId": "02E7A3A5-B101-450A-B048-580535ACD150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4328:*:*:*:*:*:*",
"matchCriteriaId": "A7804A96-2937-46EE-BCCE-7C19D3A0BF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4329:*:*:*:*:*:*",
"matchCriteriaId": "92CF2307-5CE0-44C6-BBAB-9974879426D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4330:*:*:*:*:*:*",
"matchCriteriaId": "A8D1D36D-990A-426E-9DA6-8506DA235FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4331:*:*:*:*:*:*",
"matchCriteriaId": "9210E989-CEBE-430A-ABF1-30DFC3B81CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4332:*:*:*:*:*:*",
"matchCriteriaId": "AD45843D-AB8F-4CFF-8EDA-3A1AEB9C3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4333:*:*:*:*:*:*",
"matchCriteriaId": "81549C4B-1B64-4E4F-91D2-25EA86BB2859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4334:*:*:*:*:*:*",
"matchCriteriaId": "56201D6A-2330-41D0-B38D-9D4A21D6CF20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D116EAD-FC10-4B20-88C1-356C9EE0F8D7",
"versionEndIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF66EAF9-40F8-4C96-B521-58EFEFFEA2C6",
"versionEndIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "4DE6724F-80AA-4B3E-8CF1-1158F6C98AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7010:*:*:*:*:*:*",
"matchCriteriaId": "A4D9B6E0-47A7-48D1-AF6A-A8512475ABD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7011:*:*:*:*:*:*",
"matchCriteriaId": "FFD7E625-FAA2-4452-9E18-5E4A61A93FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7020:*:*:*:*:*:*",
"matchCriteriaId": "8504DAE3-6CD9-4640-9EB1-CB304DB79BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7030:*:*:*:*:*:*",
"matchCriteriaId": "F42110FC-D21E-439E-BB8C-45C03F639CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7040:*:*:*:*:*:*",
"matchCriteriaId": "612E5D11-83D1-4E80-B7A4-57F61690DFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7041:*:*:*:*:*:*",
"matchCriteriaId": "C89C31C7-3196-47CD-9A9D-0761CEEB04E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "821C24DA-1C22-43ED-AD67-E947D323A3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "FAFEF7B6-4B56-42C8-958B-E0B677F5D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "43CEBA06-F115-41E9-8B3E-C004528340A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "E398D48C-AD94-4E84-9E3A-28A8586B3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "3D042A11-638F-4485-A753-ACF2BE92D900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B0E2FA-186D-48D7-89AE-461224CA7242",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4F222A9E-12E7-45E6-BF7D-61D60FCF1787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "E5EBBD07-EB06-407C-8BFE-139A7F37D129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4408F07A-E77E-4F74-B951-E90D0AD0FC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "44454167-93A9-4109-A137-0DBF56B870E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "9F95F165-5E41-4F44-A049-1B67F045A3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "EF50B0BD-244E-4445-A119-7165829BEA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5120:*:*:*:*:*:*",
"matchCriteriaId": "0A509BA6-9E79-4250-B412-2CCE2EF20031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5150:*:*:*:*:*:*",
"matchCriteriaId": "CA676B42-6E42-4A5C-986E-C06A4F97500A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5154:*:*:*:*:*:*",
"matchCriteriaId": "CA8D9B25-9BB1-427A-8C07-FB40638218E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5155:*:*:*:*:*:*",
"matchCriteriaId": "B1660FC6-4E59-4F1B-ABAB-51E7CD31B3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5160:*:*:*:*:*:*",
"matchCriteriaId": "994FB926-30C1-4399-BE7E-1989375382FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5164:*:*:*:*:*:*",
"matchCriteriaId": "38C88C6C-A399-4B3F-A3DE-8410B68C9C2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Zoho ManageEngine Exchange Reporter Plus antes del n\u00famero de compilaci\u00f3n 5510, AD360 antes del n\u00famero de compilaci\u00f3n 4228, ADSelfService Plus antes del n\u00famero de compilaci\u00f3n 5817, DataSecurity Plus antes del n\u00famero de compilaci\u00f3n 6033, RecoverManager Plus antes del n\u00famero de compilaci\u00f3n 6017, EventLog Analyzer antes del n\u00famero de compilaci\u00f3n 12136, ADAudit Adem\u00e1s, antes del n\u00famero de compilaci\u00f3n 6052, O365 Manager Plus antes del n\u00famero de compilaci\u00f3n 4334, Cloud Security Plus antes del n\u00famero de compilaci\u00f3n 4110, ADManager Plus antes del n\u00famero de compilaci\u00f3n 7055 y Log360 antes del n\u00famero de compilaci\u00f3n 5166. El servlet de Java com.manageengine.ads.fw.servlet.UpdateProductDetails accesible remotamente es propenso a una omisi\u00f3n de autenticaci\u00f3n. Las propiedades de integraci\u00f3n del sistema pueden ser modificadas y conllevar a un compromiso total de la suite de ManageEngine"
}
],
"id": "CVE-2020-24786",
"lastModified": "2024-11-21T05:16:04.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-31T15:15:10.870",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}