GCVE - cpe:2.3:a:zohocorp:manageengine_adselfservice

Approved changes feed: RSS · Atom

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6004:*:*:*:*:*:*

part: a version: 6.0 update: 6004

Vendor	Zohocorp (`4f1ab088-ab0e-54ac-b0dc-2304879a7502`)
Product	Manageengine Adselfservice Plus (`3fbdb5d5-250e-50f0-93a4-67a4b1106c54`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-28342`	vulnerable	2026-06-03 14:51:08.869205	Details available Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. Published: 2023-04-05T00:00:00.000Z Updated: 2025-02-13T16:00:12.940Z Open on db.gcve.eu Reference links https://manageengine.com https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-40539`	vulnerable	2026-06-03 14:45:24.377840	Details available Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. Published: 2021-09-07T16:06:58.000Z Updated: 2025-10-21T23:25:35.374Z Open on db.gcve.eu Reference links https://www.manageengine.com https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-28958`	vulnerable	2026-06-03 14:44:19.119775	Details available Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. Published: 2021-06-25T11:54:17.000Z Updated: 2024-08-03T21:55:12.288Z Open on db.gcve.eu Reference links https://www.manageengine.com https://www.manageengine.com/products/self-service-password/release-notes.html#6102 https://blog.stmcyber.com/vulns/cve-2021-28958/ https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27214`	vulnerable	2026-06-03 14:44:09.692231	Details available A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. Published: 2021-02-19T18:39:28.000Z Updated: 2024-08-03T20:40:47.379Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/self-service-password/release-notes.html https://www.horizonsecurity.it/lang_EN/advisories/?a=20&title=ManageEngine+ADSelfService+Plus+privilege+escalation++CVE202127214	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Zoho Corp ManageEngine ADSelfService Plus 6.0 6004

PURL mappings

Vulnerability references

Contribute