Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp manageengine adselfservice plus vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-37421
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus
9.8
CVSSv3
CVE-2021-37422
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Adselfservice Plus 6.1
9.8
CVSSv3
CVE-2021-37423
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Adselfservice Plus 6.1
9.8
CVSSv3
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is...
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus
2 Github repositories
7.5
CVSSv3
CVE-2022-34829
Zoho ManageEngine ADSelfService Plus prior to 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
Zohocorp Manageengine Adselfservice Plus 6.2
Zohocorp Manageengine Adselfservice Plus
5.9
CVSSv3
CVE-2021-31874
Zoho ManageEngine ADSelfService Plus prior to 6104, in rare situations, allows malicious users to obtain sensitive information about the password-sync database application.
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Adselfservice Plus 6.1
4.3
CVSSv3
CVE-2021-20148
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password p...
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus
8.8
CVSSv3
CVE-2022-29457
Zoho ManageEngine ADSelfService Plus prior to 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Adaudit Plus 7.0.0
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Exchange Reporter Plus 5.7
Zohocorp Manageengine Exchange Reporter Plus
7.3
CVSSv3
CVE-2019-12876
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
Zohocorp Manageengine Admanager Plus 6.6.5
Zohocorp Manageengine Adselfservice Plus 5.7
Zohocorp Manageengine Desktop Central 10.0.380
9.8
CVSSv3
CVE-2020-24786
An issue exists in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before bu...
Zohocorp Manageengine Adselfservice Plus 5.8
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Exchange Reporter Plus
Zohocorp Manageengine Exchange Reporter Plus 5.5
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.2
Zohocorp Manageengine Datasecurity Plus
Zohocorp Manageengine Datasecurity Plus 6.0
Zohocorp Manageengine Recovermanager Plus
Zohocorp Manageengine Recovermanager Plus 6.0
Zohocorp Manageengine Eventlog Analyzer 12.1.3
Zohocorp Manageengine Eventlog Analyzer
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Adaudit Plus 6.0
Zohocorp Manageengine O365 Manager Plus 4.3
Zohocorp Manageengine O365 Manager Plus
Zohocorp Manageengine Cloud Security Plus
Zohocorp Manageengine Cloud Security Plus 4.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.0
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »