Zoho Corp ManageEngine ADSelfService Plus 6.5 6504
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.5:6504:*:*:*:*:*:*
part: a version: 6.5 update: 6504
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Adselfservice Plus (3fbdb5d5-250e-50f0-93a4-67a4b1106c54) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-3833 |
vulnerable | 2026-06-03 15:01:05.725556 |
SQL Injection
HIGH (8.1)
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.
Published: 2025-05-14T11:00:27.309Z
Updated: 2025-05-14T13:30:00.739Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1723 |
vulnerable | 2026-06-03 14:59:06.295892 |
Account takeover
HIGH (8.1)
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug.
Published: 2025-03-03T07:40:10.789Z
Updated: 2025-03-03T14:24:12.072Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11250 |
vulnerable | 2026-06-03 14:58:35.806789 |
Authentication Bypass
CRITICAL (9.1)
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.
Published: 2026-01-13T13:35:18.509Z
Updated: 2026-01-13T14:19:27.437Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.