Manageengine adselfservice plus
This hub aggregates every CVE we track for Manageengine adselfservice plus, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
44
CVEs tracked
17
Critical
9
High
2
In CISA KEV
Severity distribution
MEDIUM18CRITICAL17HIGH9
Monthly trend
0
0
0
0
0
0
0
1
0
1
0
0
0
0
0
0
0
1
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Manageengine adselfservice plus.
- CVE-2025-11250Authentication Bypass9.1
- CVE-2025-3833SQL Injection8.1
- CVE-2025-1723Account takeover8.1
- CVE-2024-27310DOS Vulnerability5.3
- CVE-2024-0252Remote code execution8.8
- CVE-2023-6105ManageEngine Information Disclosure in Multiple Products5.5
- CVE-2023-35719ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability6.8
- CVE-2023-35854Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privil...9.8
- CVE-2022-36413Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.9.1
- CVE-2022-34829Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.7.5
- CVE-2022-28987Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.5.3
- CVE-2022-29457Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.8.8
- CVE-2022-28810Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to ...KEV6.8
- CVE-2022-24681Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.6.1
- CVE-2021-20148ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configu...4.3
Product normalization is registry-driven with AI assist and human review. How it works