CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
42.0%
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users’ profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.
Vendor | Product | Version | CPE |
---|---|---|---|
zohocorp | manageengine_adselfservice_plus | 5.0 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:* |
zohocorp | manageengine_adselfservice_plus | 5.0 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:* |
zohocorp | manageengine_adselfservice_plus | 5.0 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:* |
zohocorp | manageengine_adselfservice_plus | 5.0 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:* |
zohocorp | manageengine_adselfservice_plus | 5.0 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:* |
zohocorp | manageengine_adselfservice_plus | 5.0 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:* |
zohocorp | manageengine_adselfservice_plus | 5.0 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:* |
zohocorp | manageengine_adselfservice_plus | 5.0 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:* |
zohocorp | manageengine_adselfservice_plus | 5.0 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:* |
zohocorp | manageengine_adselfservice_plus | 5.0 | cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
42.0%