A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-19T18:39:28
Updated: 2024-08-03T20:40:47.379Z
Reserved: 2021-02-14T00:00:00
Link: CVE-2021-27214
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-02-19T19:15:12.567
Modified: 2024-11-21T05:57:36.590
Link: CVE-2021-27214
Redhat
No data.