← Back

CVE-2021-37419

nvd nist
Published: Sep 21, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.

Affected (14)

Zohocorp
1 product
Manageengine Admanager Plus
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Admanager Plus
Before 6.1
Manageengine Admanager Plus
Version 6.1
Manageengine Admanager Plus
Version 6.1 6100
Manageengine Admanager Plus
Version 6.1 6101
Manageengine Admanager Plus
Version 6.1 6102
Manageengine Admanager Plus
Version 6.1 6103
Manageengine Admanager Plus
Version 6.1 6104
Manageengine Admanager Plus
Version 6.1 6105
Manageengine Admanager Plus
Version 6.1 6106
Manageengine Admanager Plus
Version 6.1 6107
Manageengine Admanager Plus
Version 6.1 6108
Manageengine Admanager Plus
Version 6.1 6109
Manageengine Admanager Plus
Version 6.1 6110
Manageengine Admanager Plus
Version 6.1 6111

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Product
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.