CVE-2019-18411
06.11.2019, 22:15
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.
| Vendor | Product | Version |
|---|---|---|
| zohocorp | manageengine_adselfservice_plus | 5.0:5000 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5001 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5002 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5010 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5011 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5020 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5021 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5022 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5030 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5032 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5040 |
| zohocorp | manageengine_adselfservice_plus | 5.0:5041 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5100 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5101 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5102 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5103 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5104 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5105 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5106 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5107 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5108 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5109 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5110 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5111 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5112 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5113 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5114 |
| zohocorp | manageengine_adselfservice_plus | 5.1:5115 |
| zohocorp | manageengine_adselfservice_plus | 5.2:5200 |
| zohocorp | manageengine_adselfservice_plus | 5.2:5201 |
| zohocorp | manageengine_adselfservice_plus | 5.2:5202 |
| zohocorp | manageengine_adselfservice_plus | 5.2:5203 |
| zohocorp | manageengine_adselfservice_plus | 5.2:5204 |
| zohocorp | manageengine_adselfservice_plus | 5.2:5205 |
| zohocorp | manageengine_adselfservice_plus | 5.2:5206 |
| zohocorp | manageengine_adselfservice_plus | 5.2:5207 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5300 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5301 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5302 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5303 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5304 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5305 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5306 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5307 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5308 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5309 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5310 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5311 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5312 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5313 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5314 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5315 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5316 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5317 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5318 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5319 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5320 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5321 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5322 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5323 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5324 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5325 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5326 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5327 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5328 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5329 |
| zohocorp | manageengine_adselfservice_plus | 5.3:5330 |
| zohocorp | manageengine_adselfservice_plus | 5.4:5400 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5500 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5501 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5502 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5503 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5504 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5505 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5506 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5507 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5508 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5509 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5510 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5511 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5512 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5513 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5514 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5515 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5516 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5517 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5518 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5519 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5520 |
| zohocorp | manageengine_adselfservice_plus | 5.5:5521 |
| zohocorp | manageengine_adselfservice_plus | 5.6:5600 |
| zohocorp | manageengine_adselfservice_plus | 5.6:5601 |
| zohocorp | manageengine_adselfservice_plus | 5.6:5602 |
| zohocorp | manageengine_adselfservice_plus | 5.6:5603 |
| zohocorp | manageengine_adselfservice_plus | 5.6:5604 |
| zohocorp | manageengine_adselfservice_plus | 5.6:5605 |
| zohocorp | manageengine_adselfservice_plus | 5.6:5606 |
| zohocorp | manageengine_adselfservice_plus | 5.6:5607 |
| zohocorp | manageengine_adselfservice_plus | 5.7:5702 |
| zohocorp | manageengine_adselfservice_plus | 5.7:5704 |
| zohocorp | manageengine_adselfservice_plus | 5.7:5705 |
| zohocorp | manageengine_adselfservice_plus | 5.7:5706 |
| zohocorp | manageengine_adselfservice_plus | 5.7:5707 |
| zohocorp | manageengine_adselfservice_plus | 5.7:5708 |
| zohocorp | manageengine_adselfservice_plus | 5.7:5709 |
| zohocorp | manageengine_adselfservice_plus | 5.7:5710 |
| zohocorp | manageengine_adselfservice_plus | 5.8:5800 |
| zohocorp | manageengine_adselfservice_plus | 5.8:5801 |
| zohocorp | manageengine_adselfservice_plus | 5.8:5802 |
| zohocorp | manageengine_adselfservice_plus | 5.8:5803 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration