CVE-2019-3905
CRITICALManageEngine ADSelfService Plus 5.x < 5703 - Server-Side Request Forgery
Title source: llmDescription
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
References (3)
Core 3
Core References
Third Party Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905/
Release Notes, Vendor Advisory
https://www.manageengine.com/products/self-service-password/release-notes.html#5703
Various Sources
https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-3905
Scores
CVSS v3
10.0
EPSS
0.0348
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (4)
zohocorp/manageengine_adselfservice_plus
5.0 5000 (12 CPE variants)
zohocorp/manageengine_adselfservice_plus
5.1 5100 (16 CPE variants)
zohocorp/manageengine_adselfservice_plus
5.2 5200 (8 CPE variants)
zohocorp/manageengine_adselfservice_plus
5.3 5300 (14 CPE variants)
Published
Jan 03, 2019
Tracked Since
Feb 18, 2026