Primary

Context

ManageEngine ADSelfService Plus Authenticated SQL Injection Vulnerability in MFA Reports

Vulnerability

Patched

A high-severity authenticated SQL injection vulnerability has been identified in ManageEngine ADSelfService Plus versions through 6513. This vulnerability allows technicians to manipulate SQL queries related to MFA reports, potentially leading to unauthorized changes in the application’s database.

Impact

Exploitation of this vulnerability could allow authenticated ADSelfService Plus technicians to execute arbitrary SQL commands, with the potential to modify the ADSelfService Plus database without authorization.

Remediation

Users can update to ManageEngine ADSelfService Plus version 6514 or later. Instructions for downloading the latest version are available on the ManageEngine website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ManageEngine ADSelfService Plus Authenticated SQL Injection Vulnerability in MFA Reports

Vulnerability

Impact

Remediation

Affected Products

Zohocorp ManageEngine ADSelfService Plus

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating