Vulnerability Details CVE-2019-18781
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
- https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release
- https://www.manageengine.com/products/self-service-password/release-notes.html
- https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release
- https://www.manageengine.com/products/self-service-password/release-notes.html
Products affected by CVE-2019-18781
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8