CVE-2019-18781 — Open Redirect in Manageengine Adselfservice Plus

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 42.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Adselfservice Plus

Timeline

PublishedDec 18

Latest updateMay 24

Description

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDzohocorp/manageengine_adselfservice_plus9 versions+8

🔴Vulnerability Details

GHSA

GHSA-8xhw-3r9r-www5: An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5↗2022-05-24

▶

CVEList

CVE-2019-18781: An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5↗2019-12-18

▶