Lucene search

MitreCVE-2020-11518

HistoryApr 04, 2020 - 2:15 p.m.

CVE-2020-11518

2020-04-0414:15:11

mitre

web.nvd.nist.gov

167

cve-2020-11518

zoho

manageengine adselfservice plus

remote code execution

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.008

Percentile

81.2%

JSON

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.

Affected configurations

Nvd

Node

zohocorpmanageengine_adselfservice_plusRange≤5.7

zohocorpmanageengine_adselfservice_plusMatch5.8-

zohocorpmanageengine_adselfservice_plusMatch5.85800

zohocorpmanageengine_adselfservice_plusMatch5.85801

zohocorpmanageengine_adselfservice_plusMatch5.85802

zohocorpmanageengine_adselfservice_plusMatch5.85803

zohocorpmanageengine_adselfservice_plusMatch5.85804

zohocorpmanageengine_adselfservice_plusMatch5.85805

zohocorpmanageengine_adselfservice_plusMatch5.85806

zohocorpmanageengine_adselfservice_plusMatch5.85807

zohocorpmanageengine_adselfservice_plusMatch5.85808

zohocorpmanageengine_adselfservice_plusMatch5.85809

zohocorpmanageengine_adselfservice_plusMatch5.85810

zohocorpmanageengine_adselfservice_plusMatch5.85811

zohocorpmanageengine_adselfservice_plusMatch5.85812

zohocorpmanageengine_adselfservice_plusMatch5.85813

zohocorpmanageengine_adselfservice_plusMatch5.85814

VendorProductVersionCPE
zohocorpmanageengine_adselfservice_plus*cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus5.8cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus5.8cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus5.8cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus5.8cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus5.8cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus5.8cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus5.8cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus5.8cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*
zohocorpmanageengine_adselfservice_plus5.8cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_adselfservice_plus	*	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus::::::::
zohocorp	manageengine_adselfservice_plus	5.8	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-::::::
zohocorp	manageengine_adselfservice_plus	5.8	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800::::::
zohocorp	manageengine_adselfservice_plus	5.8	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801::::::
zohocorp	manageengine_adselfservice_plus	5.8	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802::::::
zohocorp	manageengine_adselfservice_plus	5.8	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803::::::
zohocorp	manageengine_adselfservice_plus	5.8	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804::::::
zohocorp	manageengine_adselfservice_plus	5.8	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805::::::
zohocorp	manageengine_adselfservice_plus	5.8	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806::::::
zohocorp	manageengine_adselfservice_plus	5.8	cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807::::::

Rows per page:

1-10 of 171

References

pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix

Social References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.008

Percentile

81.2%

JSON

Related for CVE-2020-11518