GCVE - cpe:2.3:a:zohocorp:manageengine_adselfservice

Approved changes feed: RSS · Atom

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:-:*:*:*:*:*:*

part: a version: 5.5 update: -

Vendor	Zohocorp (`4f1ab088-ab0e-54ac-b0dc-2304879a7502`)
Product	Manageengine Adselfservice Plus (`3fbdb5d5-250e-50f0-93a4-67a4b1106c54`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-28342`	vulnerable	2026-06-03 14:51:08.827918	Details available Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. Published: 2023-04-05T00:00:00.000Z Updated: 2025-02-13T16:00:12.940Z Open on db.gcve.eu Reference links https://manageengine.com https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28342.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-40539`	vulnerable	2026-06-03 14:45:24.345274	Details available Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. Published: 2021-09-07T16:06:58.000Z Updated: 2025-10-21T23:25:35.374Z Open on db.gcve.eu Reference links https://www.manageengine.com https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-28958`	vulnerable	2026-06-03 14:44:19.085008	Details available Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. Published: 2021-06-25T11:54:17.000Z Updated: 2024-08-03T21:55:12.288Z Open on db.gcve.eu Reference links https://www.manageengine.com https://www.manageengine.com/products/self-service-password/release-notes.html#6102 https://blog.stmcyber.com/vulns/cve-2021-28958/ https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-5353`	vulnerable	2026-06-03 14:38:57.443968	Details available The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required Published: 2020-09-29T20:07:22.000Z Updated: 2024-08-05T05:33:44.213Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/self-service-password/release-notes.html http://zoho.com https://github.com/missing0x00/CVE-2018-5353	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Zoho Corp ManageEngine ADSelfService Plus 5.5

PURL mappings

Vulnerability references

Contribute