National Vulnerability Database

CVE-2018-20485 Detail

Current Description

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.

Source: MITRE
Description Last Modified: 12/26/2018

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 6.1 MEDIUM
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8


Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

CVSS v2.0 Severity and Metrics:

Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional Information:
Victim must voluntarily interact with attack mechanism
Allows unauthorized modification

References to Advisories, Solutions, and Tools

Hyperlink: https://www.manageengine.com/products/self-service-password/release-notes.html
Resource: Release Notes, Vendor Advisory

Technical Details

Vulnerability Type

  • Cross-Site Scripting (XSS) (CWE-79)

Known Affected Software Configurations

Configuration 1
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:4500
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5032
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5040
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5041
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5100
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5101
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5102
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5103
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5104
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5105
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5106
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5107
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5108
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5109
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5110
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5111
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5112
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5113
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5114
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5115
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5116
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5200
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5201
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5202
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5203
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5204
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5205
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5206
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5207
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5300
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5301
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5302
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5303
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5304
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5305
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5306
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5307
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5308
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5309
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5310
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5311
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5312
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5313
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5314
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5315
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5316
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5317
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5318
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5319
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5320
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5321
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5322
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5323
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5324
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5325
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5326
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5327
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5328
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5329
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5330
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5400
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5500
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5501
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5502
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5503
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5504
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5505
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5506
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5507
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5508
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5509
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5510
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5511
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5512
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5513
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5514
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5515
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5516
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5517
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5518
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5519
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5520
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5521
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5600
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5601
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5602
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5603
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5604
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5605
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5606
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5700
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5701


Change History

1 change record found

Quick Info

CVE Dictionary Entry: CVE-2018-20485
NVD Published Date: 12/26/2018
NVD Last Modified: 01/10/2019