Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp manageengine adselfservice plus vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2024-0252
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
Zohocorp Manageengine Adselfservice Plus 6.4
Zohocorp Manageengine Adselfservice Plus
5.5
CVSSv3
CVE-2023-6105
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt prod...
Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4
Zohocorp Manageengine Appcreator
Zohocorp Manageengine Analytics Plus
Zohocorp Manageengine Endpoint Central Msp
Zohocorp Manageengine Endpoint Central
Zohocorp Manageengine Remote Monitoring And Management
Zohocorp Manageengine Os Deployer
Zohocorp Manageengine Remote Access Plus
Zohocorp Manageengine Mobile Device Manager Plus
Zohocorp Manageengine Application Control Plus
Zohocorp Manageengine Vulnerability Manager Plus
Zohocorp Manageengine Browser Security Plus
Zohocorp Manageengine Patch Manager Plus
Zohocorp Manageengine Device Control Plus
Zohocorp Manageengine Endpoint Dlp Plus
Zohocorp Manageengine Adselfservice Plus 6.3
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.2
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Cloud Security Plus 4.1
6.8
CVSSv3
CVE-2023-35719
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present malicious users to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Aut...
Zohocorp Manageengine Adselfservice Plus 6.1
9.8
CVSSv3
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is...
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus
2 Github repositories
7.5
CVSSv3
CVE-2023-28342
Zoho ManageEngine ADSelfService Plus prior to 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
Zohocorp Manageengine Adselfservice Plus 5.7
Zohocorp Manageengine Adselfservice Plus 5.0
Zohocorp Manageengine Adselfservice Plus 5.1
Zohocorp Manageengine Adselfservice Plus 5.2
Zohocorp Manageengine Adselfservice Plus 5.3
Zohocorp Manageengine Adselfservice Plus 5.4
Zohocorp Manageengine Adselfservice Plus 5.5
Zohocorp Manageengine Adselfservice Plus 5.6
Zohocorp Manageengine Adselfservice Plus 4.5
Zohocorp Manageengine Adselfservice Plus 5.8
Zohocorp Manageengine Adselfservice Plus 6.0
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus 5.0.6
Zohocorp Manageengine Adselfservice Plus 6.2
9.1
CVSSv3
CVE-2022-36413
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
Zohocorp Manageengine Adselfservice Plus 6.2
Zohocorp Manageengine Adselfservice Plus
9.8
CVSSv3
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsib...
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.3
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Adselfservice Plus 6.2
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Analytics Plus
Zohocorp Manageengine Analytics Plus 5.1
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
Zohocorp Manageengine Key Manager Plus
Zohocorp Manageengine Key Manager Plus 6.4
Zohocorp Manageengine Pam360 5.7
Zohocorp Manageengine Pam360
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.0
2 Metasploit modules
6 Github repositories
2 Articles
7.5
CVSSv3
CVE-2022-34829
Zoho ManageEngine ADSelfService Plus prior to 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
Zohocorp Manageengine Adselfservice Plus 6.2
Zohocorp Manageengine Adselfservice Plus
5.3
CVSSv3
CVE-2022-28987
Zoho ManageEngine ADSelfService Plus prior to 6202 allows malicious users to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
Zohocorp Manageengine Adselfservice Plus 6.1
8.8
CVSSv3
CVE-2022-29457
Zoho ManageEngine ADSelfService Plus prior to 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Adaudit Plus 7.0.0
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Exchange Reporter Plus 5.7
Zohocorp Manageengine Exchange Reporter Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »