Zohocorp: Security Vulnerabilities
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
CVSS Score
9.8
EPSS Score
0.089
Published
2021-08-30
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
CVSS Score
9.8
EPSS Score
0.218
Published
2021-08-30
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
CVSS Score
6.1
EPSS Score
0.07
Published
2021-08-30
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-08-29
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-08-29
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-08-29
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
CVSS Score
9.8
EPSS Score
0.093
Published
2021-08-29
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
CVSS Score
6.1
EPSS Score
0.039
Published
2021-08-29
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
CVSS Score
9.8
EPSS Score
0.068
Published
2021-08-29
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
CVSS Score
6.1
EPSS Score
0.039
Published
2021-08-29