Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 6.1 | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
15
Affected Products
4
References
zohocorp / manageengine_adselfservice_plus
| - |
| - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
| zohocorp | manageengine_adselfservice_plus | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact