CVE-2019-18781
MEDIUMZoho ManageEngine ADSelfService Plus <5.5809 - Open Redirect
Title source: llmDescription
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.manageengine.com/products/self-service-password/release-notes.html
Vendor Advisory x_refsource_confirm
https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5809-release
Scores
CVSS v3
6.1
EPSS
0.0036
EPSS Percentile
57.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (4)
zohocorp/manageengine_adselfservice_plus
5.0 5000 (12 CPE variants)
zohocorp/manageengine_adselfservice_plus
5.1 5100 (17 CPE variants)
zohocorp/manageengine_adselfservice_plus
5.2 5200 (8 CPE variants)
zohocorp/manageengine_adselfservice_plus
5.3 5300 (13 CPE variants)
Published
Dec 18, 2019
Tracked Since
Feb 18, 2026