ManageEngine ADSelfService Plus prior to 6112 is vulnerable to domain user account takeover.
zohocorp manageengine admanager plus
zohocorp manageengine admanager plus 6.1