CVSS: 9.8EPSS: 3%CPEs: 6EXPL: 0CVE-2021-37421
https://notcve.org/view.php?id=CVE-2021-37421
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. Zoho ManageEngine ADSelfService Plus versiones 6103 y anteriores, son vulnerables a una evasión de la restricción de acceso al portal de administración. • https://blog.stmcyber.com/vulns/cve-2021-37421 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37417
https://notcve.org/view.php?id=CVE-2021-37417
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. Zoho ManageEngine ADSelfService Plus versiones 6103 y anteriores, permiten omitir el CAPTCHA debido a una comprobación inapropiada de los parámetros. • https://blog.stmcyber.com/vulns/cve-2021-37417 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37416
https://notcve.org/view.php?id=CVE-2021-37416
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. Zoho ManageEngine ADSelfService Plus versiones 6103 y anteriores, es vulnerable a un ataque de tipo XSS reflejado en la página loadframe. • https://blog.stmcyber.com/vulns/cve-2021-37416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-33055
https://notcve.org/view.php?id=CVE-2021-33055
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. Zoho ManageEngine ADSelfService Plus versiones hasta 6102, permite una ejecución de código remota no autenticado en ediciones no Inglesas. • https://blog.stmcyber.com/vulns/cve-2021-33055 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 1%CPEs: 6EXPL: 1CVE-2021-31874
https://notcve.org/view.php?id=CVE-2021-31874
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. Zoho ManageEngine ADSelfService Plus versiones anteriores a 6104, en raras situaciones, permite a atacantes obtener información confidencial sobre la aplicación de base de datos de sincronización de contraseñas • https://blog.stmcyber.com/vulns/cve-2021-31874 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes •