Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NZohocorp Manageengine Adselfservice Plus
APPZohocorp6.5< 6.5
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
Related vulnerabilities
CVE-2022-47966CRITICAL9.8⚠ KEVten sam produkt
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code exec...
CVE-2021-40539CRITICAL9.8⚠ KEVten sam produkt
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass wi...
CVE-2023-35854CRITICAL9.8ten sam produkt
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal ...
CVE-2022-36413CRITICAL9.1ten sam produkt
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a passwo...
CVE-2021-37423CRITICAL9.8ten sam produkt
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.