Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine ADSelfService Plus 安全漏洞
Vulnerability Description
ZOHO zoho manageengine adselfservice plus是美国卓豪(ZOHO)公司的一套基于Web的终端用户密码管理软件。 Zoho ManageEngine ADSelfService Plus 5.5 build 5517之前版本 GINA/CP模块存在安全漏洞,该漏洞源于允许远程攻击者通过欺骗来执行代码和升级特权。在打开浏览器窗口之前,它不会对预期的服务器进行身份验证。能够执行欺骗攻击的未经身份验证的攻击者可以重定向浏览器以在winlogin .exe进程上下文中执行。如果
CVSS Information
N/A
Vulnerability Type
N/A