cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-27310,https://securityvulnerability.io/vulnerability/CVE-2024-27310,Zoho ADSelfService Plus Vulnerable to DOS Attack,Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP query.,Manageengine,Adselfservice Plus,6.5,MEDIUM,0.0016799999866634607,false,false,false,false,,false,false,2024-05-27T17:26:14.229Z,0
CVE-2024-0252,https://securityvulnerability.io/vulnerability/CVE-2024-0252,ManageEngine ADSelfService Plus Vulnerable to Remote Code Execution,"ManageEngine ADSelfService Plus versions 6401 and earlier are exposed to a vulnerability that allows remote code execution through improper handling within the load balancer component. Exploiting this vulnerability necessitates user authentication, which adds a layer of complexity but does not eliminate the risk. Attackers who gain authenticated access could potentially leverage this weakness to execute unauthorized commands and compromise system integrity.",Manageengine,Adselfservice Plus,8.8,HIGH,0.001339999958872795,false,false,false,false,,false,false,2024-01-11T07:57:12.987Z,0
CVE-2023-35719,https://securityvulnerability.io/vulnerability/CVE-2023-35719,ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability,"ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.",Manageengine,Adselfservice Plus,6.8,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2023-09-06T05:15:00.000Z,0