CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-27214

A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.105

EPSS Ranking 92.9%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214
https://www.manageengine.com/products/self-service-password/release-notes.html
https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214
https://www.manageengine.com/products/self-service-password/release-notes.html

Products affected by CVE-2021-27214

Zohocorp » Manageengine Adselfservice Plus » Version: 6.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27214

Products

Pricing

Contact Us