CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-12476

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 75.2%

CVSS Severity

CVSS v3 Score 6.8

CVSS v2 Score 7.2

References

http://www.securityfocus.com/bid/108813
https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3
https://github.com/0katz/CVE-2019-12476
http://www.securityfocus.com/bid/108813
https://gist.github.com/0katz/54167ba30ea361f3776e269bb7b1afb3
https://github.com/0katz/CVE-2019-12476

Products affected by CVE-2019-12476

Zohocorp » Manageengine Adselfservice Plus » Version: 4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5
Zohocorp » Manageengine Adselfservice Plus » Version: 5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12476

Products

Pricing

Contact Us