CVE-2021-28958 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2021-28958

Analyzed

More Info Official Page

Source-cve@mitre.org

Published At-25 Jun, 2021 | 12:15

Updated At-12 Jul, 2022 | 17:42

Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>4.5

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.0.6

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0.6:*:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.1

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5116:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.2

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.2

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*

Zoho Corporation Pvt. Ltd.

>>manageengine_adselfservice_plus>>5.2

cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-78	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://blog.stmcyber.com/vulns/cve-2021-28958/	cve@mitre.org	Third Party Advisory
https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021	cve@mitre.org	Vendor Advisory
https://www.manageengine.com	cve@mitre.org	Vendor Advisory
https://www.manageengine.com/products/self-service-password/release-notes.html#6102	cve@mitre.org	Release Notes Vendor Advisory