PT-2018-6533 · Zoho · Zoho Manageengine Admanager Plus

Douglas Weir

Published

2018-02-07

Updated

2025-10-24

CVE-2017-17552

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine AD Manager Plus versions 6590 through 6613

Description: The issue allows attackers to conduct URL redirection attacks via the src parameter, potentially bypassing CSRF protection or masquerading a malicious URL as trusted. This is related to the /LoadFrame endpoint.

Recommendations: For versions 6590 through 6613, as a temporary workaround, consider restricting access to the /LoadFrame endpoint to minimize the risk of exploitation. Avoid using the src parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2017-17552

Affected Products

Zoho Manageengine Admanager Plus

PT-2018-6533 · Zoho · Zoho Manageengine Admanager Plus

CVE-2017-17552

Weakness Enumeration

Related Identifiers

Affected Products

References · 5