Vulnerability Details CVE-2019-3905
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.1%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 7.5
References
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-3905
- https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/
- https://www.manageengine.com/products/self-service-password/release-notes.html#5703
- https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/
- https://www.manageengine.com/products/self-service-password/release-notes.html#5703
Products affected by CVE-2019-3905
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7