A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-19T18:39:28

Updated: 2024-08-03T20:40:47.379Z

Reserved: 2021-02-14T00:00:00

Link: CVE-2021-27214

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-19T19:15:12.567

Modified: 2024-11-21T05:57:36.590

Link: CVE-2021-27214

cve-icon Redhat

No data.