ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 allows remote malicious users to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine adselfservice plus |