CVSS: 7.5EPSS: 1%CPEs: 103EXPL: 0CVE-2019-7161
https://notcve.org/view.php?id=CVE-2019-7161
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data. Se ha descubierto un problema en Zoho ManageEngine ADSelfService Plus, en versiones 5.x hasta la Build 5704. Emplea claves de cifrado fijas para proteger la información, otorgando a un atacante la capacidad de descifrar cualquier dato protegido. • https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161 https://www.manageengine.com/products/self-service-password/release-notes.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 1%CPEs: 92EXPL: 0CVE-2018-20664
https://notcve.org/view.php?id=CVE-2018-20664
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. Zoho ManageEngine ADSelfService Plus, en sus versiones 5.x antes del build 5701, tiene XEE (XML External Entity) mediante una licencia de producto subida. • https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664 https://www.manageengine.com/products/self-service-password/release-notes.html#5701 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 1%CPEs: 101EXPL: 0CVE-2019-3905
https://notcve.org/view.php?id=CVE-2019-3905
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. Zoho ManageEngine ADSelfService Plus, en sus versiones 5.x antes del build 5703, tiene Server-Side Request Forgery (SSRF). • https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905 https://www.manageengine.com/products/self-service-password/release-notes.html#5703 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 92EXPL: 1CVE-2018-20484 – Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20484
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. Zoho ManageEngine ADSelfService Plus, en versiones 5.7 anteriores a la build 5702, tiene Cross-Site Scripting (XSS) en la implementación del diseño de autoactualización. Zoho ManageEngine ADSelfService Plus version 5.7 builds prior to 5702 suffer from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/46815 http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html https://www.manageengine.com/products/self-service-password/release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 116EXPL: 1CVE-2018-20485 – Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20485
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. Zoho ManageEngine OpManager 5.7 antes de la build 5702 tiene Cross-Site Scripting (XSS) mediante la característica de búsqueda de empleados. Zoho ManageEngine ADSelfService Plus version 5.7 builds prior to 5702 suffer from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/46815 http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html https://www.manageengine.com/products/self-service-password/release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •