PT-2021-21643 · Zoho · Zoho Manageengine Adselfservice Plus

Krzysztof Andrusiak

Published

2021-09-21

Updated

2026-02-06

CVE-2021-37419

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ADSelfService Plus versions prior to 6112

Description The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. SSRF is a type of attack where an attacker can trick a server into making requests to internal or external resources, potentially leading to unauthorized access or data exposure.

Recommendations For versions prior to 6112, update to version 6112 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources and internal services to minimize the risk of exploitation.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2021-37419

Affected Products

Zoho Manageengine Adselfservice Plus

PT-2021-21643 · Zoho · Zoho Manageengine Adselfservice Plus

CVE-2021-37419

Weakness Enumeration

Related Identifiers

Affected Products

References · 7