Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
zohocorp manageengine log360
zohocorp manageengine log360 5.2