CVE-2019-18781

Current Description

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.

Basic Data

Published: December 18, 2019
Last Modified: January 06, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-601
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05000******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05001******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05002******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05010******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05011******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05020******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05021******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05022******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05030******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05032******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05040******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.05041******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15100******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15101******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15102******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15103******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15104******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15105******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15106******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15107******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15108******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15109******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15110******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15111******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15112******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15113******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15114******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15115******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.15116******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.25200******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.25201******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.25202******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.25203******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.25204******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.25205******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.25206******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.25207******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35300******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35301******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35302******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35303******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35304******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35305******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35306******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35307******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35308******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35309******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35310******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35311******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35312******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35313******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35314******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35315******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35316******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35317******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35318******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35319******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35320******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35321******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35322******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35323******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35324******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35325******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35326******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35327******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35328******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35329******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.35330******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.45400******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55500******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55501******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55502******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55503******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55504******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55505******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55506******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55507******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55508******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55509******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55510******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55511******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55512******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55513******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55514******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55515******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55516******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55517******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55518******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55519******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55520******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.55521******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.65600******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.65601******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.65602******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.65603******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.65604******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.65605******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.65606******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.65607******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75700******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75701******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75702******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75703******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75704******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75705******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75706******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75707******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75708******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75709******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.75710******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.85800******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.85801******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.85802******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.85803******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.85804******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.85805******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.85806******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.85807******
    2.3ApplicationZohocorpManageengine Adselfservice Plus5.85808******

Vulnerable Software List

Vendor | Product | Versions
Zohocorp | Manageengine Adselfservice Plus | 5.0, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8

References

Name | URL | Source | Tags
https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release | https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release | CONFIRM | Vendor Advisory
https://www.manageengine.com/products/self-service-password/release-notes.html | https://www.manageengine.com/products/self-service-password/release-notes.html | MISC | Release Notes, Vendor Advisory