National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2019-3905 Detail

Current Description

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

Source:  MITRE
View Analysis Description

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score: 10.0 CRITICAL
Vector:  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/ Third Party Advisory
https://www.manageengine.com/products/self-service-password/release-notes.html#5703 Release Notes Vendor Advisory

Weakness Enumeration

CWE-ID CWE Name Source
CWE-918 Server-Side Request Forgery (SSRF) NIST  

Known Affected Software Configurations Switch to CPE 2.3

Configuration 1 ( hide )
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5000
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5001
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5002
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5010
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5011
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5020
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5021
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5022
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5030
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5032
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5040
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.0:5041
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5100
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5101
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5102
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5103
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5104
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5105
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5106
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5107
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5108
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5109
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5110
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5111
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5112
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5113
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5114
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5115
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5200
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5201
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5202
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5203
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5204
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5205
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5206
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.2:5207
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5300
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5301
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5302
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5303
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5304
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5305
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5306
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5307
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5308
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5309
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5310
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5311
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5312
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5313
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5314
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5315
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5316
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5317
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5318
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5319
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5320
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5321
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5322
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5323
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5324
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5325
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5326
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5327
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5328
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5329
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.3:5330
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.4:5400
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5500
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5501
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5502
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5503
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5504
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5505
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5506
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5507
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5508
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5509
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5510
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5511
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5512
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5513
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5514
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5515
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5516
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5517
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5518
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5519
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5520
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.5:5521
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.6:5600
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.6:5601
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.6:5602
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.6:5603
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.6:5604
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.6:5605
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.6:5606
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.6:5607
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5700
     Show Matching CPE(s)
 cpe:/a:zohocorp:manageengine_adselfservice_plus:5.7:5701
     Show Matching CPE(s)
Showing 100 of 101 CPE Match Criteria, view all CPEs here


Change History

4 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2019-3905
NVD Published Date:
01/03/2019
NVD Last Modified:
07/31/2019