ZOHO zoho manageengine adselfservice plus is a web-based end-user password management software from ZOHO. zoho ManageEngine ADSelfService Plus 6103 and earlier versions are vulnerable to an access control error that could be exploited by an attacker via the X The vulnerability can be exploited to bypass management portal access restrictions via the X-Forwarded-For header.