Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  >> Manageengine Adselfservice Plus  >> 5.8  Security Vulnerabilities
CVE-2022-24681
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
CVSS Score
6.1
EPSS Score
0.2
Published
2022-04-07
CVE-2021-20147
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.
CVSS Score
5.3
EPSS Score
0.069
Published
2022-01-03
CVE-2021-20148
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-01-03
CVE-2021-37422
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
CVSS Score
9.8
EPSS Score
0.045
Published
2021-09-10
CVE-2021-37423
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
CVSS Score
9.8
EPSS Score
0.025
Published
2021-09-10
CVE-2021-40539
Known exploited
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
CVSS Score
9.8
EPSS Score
0.944
Published
2021-09-07
CVE-2021-37417
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
CVSS Score
9.8
EPSS Score
0.186
Published
2021-08-30
CVE-2021-37421
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
CVSS Score
9.8
EPSS Score
0.089
Published
2021-08-30
CVE-2021-33055
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
CVSS Score
9.8
EPSS Score
0.218
Published
2021-08-30
CVE-2021-37416
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
CVSS Score
6.1
EPSS Score
0.07
Published
2021-08-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved