Product
zohocorp manageengine adselfservice plus
51 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-11250
< 6.5
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter confi
9.1
CRITICAL
CVE-2025-3833
< 6.5
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA report
8.1
HIGH
CVE-2025-1723
< 6.5
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandlin
8.1
HIGH
CVE-2024-27310
< 6.4
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.
5.3
MEDIUM
CVE-2024-0252
< 6.4
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling
8.8
HIGH
CVE-2023-6105
< 6.3
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed.
5.5
MEDIUM
CVE-2023-35719
all versions
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. Th
6.8
MEDIUM
CVE-2023-35854
< 6.1
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controlle
9.8
CRITICAL
CVE-2023-28342
all versions
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentica
7.5
HIGH
CVE-2022-36413
< 6.2
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM appl
9.1
CRITICAL
CVE-2022-47966
< 6.2
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of
9.8
CRITICAL
CVE-2022-34829
< 6.2
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mob
7.5
HIGH
CVE-2022-28987
all versions
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /S
5.3
MEDIUM
CVE-2022-29457
< 6.1
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM
8.8
HIGH
CVE-2022-28810
< 6.1
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating
6.8
MEDIUM
CVE-2022-24681
< 6.1
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account,
6.1
MEDIUM
CVE-2021-20148
<= 6.0
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a p
4.3
MEDIUM
CVE-2021-20147
<= 6.0
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePa
5.3
MEDIUM
CVE-2021-37422
< 6.1
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
9.8
CRITICAL
CVE-2021-37423
< 6.1
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
9.8
CRITICAL
CVE-2021-40539
< 6.1
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote
9.8
CRITICAL
CVE-2021-37421
< 6.1
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
9.8
CRITICAL
CVE-2021-37417
< 6.1
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
9.8
CRITICAL
CVE-2021-37416
< 6.1
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
6.1
MEDIUM
CVE-2021-33055
< 6.1
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
9.8
CRITICAL
CVE-2021-33256
all versions
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited b
8.8
HIGH
CVE-2021-31874
< 6.1
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the p
5.9
MEDIUM
CVE-2021-28958
all versions
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the passwo
9.8
CRITICAL
CVE-2021-27956
< 6.1
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page
6.1
MEDIUM
CVE-2021-27214
all versions
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 60
6.1
MEDIUM
CVE-2018-5353
< 5.5
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code an
9.8
CRITICAL
CVE-2020-24786
<= 5.7
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSe
9.8
CRITICAL
CVE-2020-11552
<= 5.8
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly e
9.8
CRITICAL
CVE-2020-11518
<= 5.7
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
9.8
CRITICAL
CVE-2019-7162
all versions
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated perso
9.1
CRITICAL
CVE-2019-18781
all versions
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to for
6.1
MEDIUM
CVE-2019-18411
all versions
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with
8.8
HIGH
CVE-2019-12876
all versions
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to
7.3
HIGH
CVE-2019-12476
>= 4.3.3 and < 5.0.6
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 al
6.8
MEDIUM
CVE-2019-8346
all versions
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for
6.1
MEDIUM
CVE-2019-11511
all versions
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
6.1
MEDIUM
CVE-2019-7161
all versions
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect in
7.5
HIGH
CVE-2019-3905
all versions
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
10.0
CRITICAL
CVE-2018-20664
all versions
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
9.8
CRITICAL
CVE-2018-20485
all versions
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
6.1
MEDIUM
CVE-2018-20484
all versions
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
6.1
MEDIUM
CVE-2014-3779
<= 5.2
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to
CVE-2011-5105
all versions
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 al
CVE-2010-3274
<= 4.4
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelf
CVE-2010-3273
<= 4.4
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtai
CVE-2010-3272
<= 4.4
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 ma
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin