U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:zohocorp:manageengine_adselfservice_plus:5.1:5116
There are 4 matching records.
Displaying matches 1 through 4.
Vuln ID Summary CVSS Severity
CVE-2023-28342

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.

Published: April 05, 2023; 3:15:09 PM -0400 		V3.1: 7.5 HIGH
 V2.0:(not available)
CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

Published: September 07, 2021; 1:15:07 PM -0400 		V3.1: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2021-28958

Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.

Published: June 25, 2021; 8:15:08 AM -0400 		V3.1: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2019-18781

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.

Published: December 18, 2019; 5:15:13 PM -0500 		V3.1: 6.1 MEDIUM
 V2.0: 5.8 MEDIUM