National Vulnerability Database

CVE-2018-20485 Detail

Current Description

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.

Source: MITRE

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 6.1 MEDIUM
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8


Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

CVSS v2.0 Severity and Metrics:

Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional Information:
Victim must voluntarily interact with attack mechanism
Allows unauthorized modification

References to Advisories, Solutions, and Tools


  • http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html
  • https://www.manageengine.com/products/self-service-password/release-notes.html (Resource: Release Notes, Vendor Advisory)

Technical Details

Vulnerability Type

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Known Affected Software Configurations

Configuration 1
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4510
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4511
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4520
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4522
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4531
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4540
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4543
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4544
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4550
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4560
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4570
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4571
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4572
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4580
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4590
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4591
 cpe:/a:zohocorp:manageengine_adselfservice_plus:4.5:4592
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5000
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5001
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5002
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5010
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5011
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5020
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5021
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5022
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5030
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5032
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5040
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5041
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5100
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5101
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5102
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5103
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5104
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5105
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5106
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5107
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5108
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5109
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5110
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5111
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5112
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5113
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5114
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5115
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5200
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5201
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5202
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5203
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5204
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5205
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5206
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5207
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5300
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5301
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5302
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5303
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5304
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5305
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5306
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5307
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5308
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5309
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5310
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5311
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5312
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5313
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5314
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5315
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5316
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5317
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5318
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5319
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5320
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5321
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5322
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5323
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5324
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5325
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5326
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5327
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5328
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5329
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5330
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.4:5400
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5500
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5501
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5502
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5503
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5504
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5505
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5506
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5507
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5508
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5509
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5510
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5511
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5512
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5513
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5514
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5515

Showing 100 of 116 CPEs.

Change History

3 change records found

Quick Info

CVE Dictionary Entry: CVE-2018-20485
NVD Published Date: 12/26/2018
NVD Last Modified: 05/10/2019