CVE-2019-18781

MEDIUM WAF: Medium

CVSS 6.1 Published: 2019-12-18

CWE-601

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.

WAF Coverage Analysis

Open Redirect Medium WAF Coverage

OWASP: A01:2021 Broken Access Control

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
zohocorp	manageengine_adselfservice_plus	5.0
zohocorp	manageengine_adselfservice_plus	5.0
zohocorp	manageengine_adselfservice_plus	5.0
zohocorp	manageengine_adselfservice_plus	5.0
zohocorp	manageengine_adselfservice_plus	5.0
zohocorp	manageengine_adselfservice_plus	5.0
zohocorp	manageengine_adselfservice_plus	5.0
zohocorp	manageengine_adselfservice_plus	5.0
zohocorp	manageengine_adselfservice_plus	5.0
zohocorp	manageengine_adselfservice_plus	5.0

References

pitstop.manageengine.com (Vendor Advisory)
www.manageengine.com (Release Notes, Vendor Advisory)

Back to CVE Database