Zoho Corp ManageEngine ADSelfService Plus 6.1 6113
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*
part: a version: 6.1 update: 6113
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Adselfservice Plus (3fbdb5d5-250e-50f0-93a4-67a4b1106c54) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-28342 |
vulnerable | 2026-06-03 14:51:08.883279 |
Details available
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
Published: 2023-04-05T00:00:00.000Z
Updated: 2025-02-13T16:00:12.940Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29457 |
vulnerable | 2026-06-03 14:46:57.901857 |
Details available
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
Published: 2022-04-18T19:47:07.000Z
Updated: 2024-08-03T06:26:05.167Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-28810 |
vulnerable | 2026-06-03 14:46:56.093980 |
Details available
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
Published: 2022-04-18T12:22:59.000Z
Updated: 2025-10-21T23:15:41.530Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24681 |
vulnerable | 2026-06-03 14:46:30.932303 |
Details available
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
Published: 2022-04-07T21:49:29.000Z
Updated: 2024-08-03T04:20:49.188Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-40539 |
vulnerable | 2026-06-03 14:45:24.385868 |
Details available
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Published: 2021-09-07T16:06:58.000Z
Updated: 2025-10-21T23:25:35.374Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20148 |
vulnerable | 2026-06-03 14:43:41.256282 |
Details available
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.
Published: 2022-01-03T21:07:11.000Z
Updated: 2024-08-03T17:30:07.423Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20147 |
vulnerable | 2026-06-03 14:43:41.253935 |
Details available
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.
Published: 2022-01-03T21:07:10.000Z
Updated: 2024-08-03T17:30:07.495Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.