Zohocorp Manageengine_adselfservice_plus
52 CVEs affecting Zohocorp Manageengine_adselfservice_plus. Latest disclosed: 2026-06-23. Critical: 19, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-3905 | Critical | 10.0 | 2019-01-03 | Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. |
| CVE-2023-35854 | Critical | 9.8 | 2023-06-20 | Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity… |
| CVE-2022-47966 | Critical | 9.8 | 2023-01-18 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka… |
| CVE-2021-37422 | Critical | 9.8 | 2021-09-10 | Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. |
| CVE-2021-37423 | Critical | 9.8 | 2021-09-10 | Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. |
| CVE-2021-40539 | Critical | 9.8 | 2021-09-07 | Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. |
| CVE-2021-37421 | Critical | 9.8 | 2021-08-30 | Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. |
| CVE-2021-37417 | Critical | 9.8 | 2021-08-30 | Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. |
| CVE-2021-33055 | Critical | 9.8 | 2021-08-30 | Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. |
| CVE-2021-28958 | Critical | 9.8 | 2021-06-25 | Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. |
| CVE-2018-5353 | Critical | 9.8 | 2020-09-30 | The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spo… |
| CVE-2020-24786 | Critical | 9.8 | 2020-08-31 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build n… |
| CVE-2020-11552 | Critical | 9.8 | 2020-08-11 | An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associ… |
| CVE-2020-11518 | Critical | 9.8 | 2020-04-04 | Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. |
| CVE-2018-20664 | Critical | 9.8 | 2019-01-03 | Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. |
| CVE-2025-11250 | Critical | 9.1 | 2026-01-13 | Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations. |
| CVE-2022-36413 | Critical | 9.1 | 2023-03-23 | Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. |
| CVE-2019-7162 | Critical | 9.1 | 2019-12-31 | An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal inform… |
| CVE-2026-11374 | Critical | 9.0 | 2026-06-23 | In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be… |
| CVE-2024-0252 | High | 8.8 | 2024-01-11 | ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component… |