Vulnerability Details CVE-2017-17552
/LoadFrame in Zoho ManageEngine AD Manager Plus builds 6590 - 6613 allows attackers to conduct URL redirection attacks via the src parameter, resulting in a bypass of CSRF protection or potentially allowing a malicious URL to masquerade as trusted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
Products affected by CVE-2017-17552
- cpe:2.3:a:zohocorp:manageengine_admanager_plus:6590
- cpe:2.3:a:zohocorp:manageengine_admanager_plus:6591
- cpe:2.3:a:zohocorp:manageengine_admanager_plus:6601
- cpe:2.3:a:zohocorp:manageengine_admanager_plus:6602
- cpe:2.3:a:zohocorp:manageengine_admanager_plus:6610
- cpe:2.3:a:zohocorp:manageengine_admanager_plus:6611
- cpe:2.3:a:zohocorp:manageengine_admanager_plus:6612
- cpe:2.3:a:zohocorp:manageengine_admanager_plus:6613