Back to CVE Browser

CVE-2020-11518

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0270%

EPSS Percentile19.68th

PublishedApr 4, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.

Affected Platforms (CPE)

📦

Zohocorp

Manageengine Adselfservice Plus

<= 5.7

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

📦

Zohocorp

Manageengine Adselfservice Plus

= 5.8

References & Advisories

🔗 https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix

🔗 https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix

Related Vulnerabilities

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2018-206649.8

Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.

CVE-2018-53539.8

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code an...

CVE-2020-115529.8

An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly e...