CVE-2021-20147
https://notcve.org/view.php?id=CVE-2021-20147
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists. • https://www.tenable.com/security/research/tra-2021-52 • CWE-203: Observable Discrepancy
CVE-2021-37422
https://notcve.org/view.php?id=CVE-2021-37422
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. • https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-37423
https://notcve.org/view.php?id=CVE-2021-37423
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. • https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release
CVE-2021-37421
https://notcve.org/view.php?id=CVE-2021-37421
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. • https://blog.stmcyber.com/vulns/cve-2021-37421 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes • CWE-345: Insufficient Verification of Data Authenticity
CVE-2021-37417
https://notcve.org/view.php?id=CVE-2021-37417
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. • https://blog.stmcyber.com/vulns/cve-2021-37417 • CWE-287: Improper Authentication