Search
Find a vulnerability
Search criteria
4 vulnerabilities found for manageengine_recovery_manager_plus by zohocorp
CVE-2026-11374 (GCVE-0-2026-11374)
Vulnerability from nvd – Published: 2026-06-23 08:19 – Updated: 2026-06-24 15:48
VLAI
Title
Account Takeover via Predictable SSO Ticket Generation
Summary
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted
by an unauthenticated user, leading to account takeover.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus |
Affected:
0 , < 6529
(custom)
|
|
| zohocorp | manageengine_recovery_manager_plus |
Affected:
0 , < 6321
(custom)
|
|
| zohocorp | manageengine_m365_manager_plus |
Affected:
0 , < 4817
(custom)
|
|
| zohocorp | manageengine_adaudit_plus |
Affected:
0 , < 8703
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T03:56:06.337907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T15:48:27.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "manageengine_adselfservice_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "6529",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "manageengine_recovery_manager_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "6321",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "manageengine_m365_manager_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "4817",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "manageengine_adaudit_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "8703",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted\n by an unauthenticated user, leading to account takeover."
}
],
"value": "In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted\n by an unauthenticated user, leading to account takeover."
}
],
"impacts": [
{
"capecId": "CAPEC-59",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-59 Session Credential Falsification through Prediction"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340: Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T08:19:30.638Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Account Takeover via Predictable SSO Ticket Generation",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2026-11374",
"datePublished": "2026-06-23T08:19:30.638Z",
"dateReserved": "2026-06-05T12:25:17.739Z",
"dateUpdated": "2026-06-24T15:48:27.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-9163 (GCVE-0-2018-9163)
Vulnerability from nvd – Published: 2018-04-02 12:00 – Updated: 2024-08-05 07:17
VLAI
Summary
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.manageengine.com/ad-recovery-manager/… | x_refsource_CONFIRM |
| https://gurelahmet.com/cve-2018-9163-zoho-managee… | x_refsource_MISC |
| http://www.securityfocus.com/bid/103773 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/44666/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/ad-recovery-manager/release-notes.html#5350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/"
},
{
"name": "103773",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103773"
},
{
"name": "44666",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44666/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-03T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/ad-recovery-manager/release-notes.html#5350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/"
},
{
"name": "103773",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103773"
},
{
"name": "44666",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44666/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/ad-recovery-manager/release-notes.html#5350",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/ad-recovery-manager/release-notes.html#5350"
},
{
"name": "https://gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/",
"refsource": "MISC",
"url": "https://gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/"
},
{
"name": "103773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103773"
},
{
"name": "44666",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44666/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9163",
"datePublished": "2018-04-02T12:00:00.000Z",
"dateReserved": "2018-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:51.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-11374 (GCVE-0-2026-11374)
Vulnerability from cvelistv5 – Published: 2026-06-23 08:19 – Updated: 2026-06-24 15:48
VLAI
Title
Account Takeover via Predictable SSO Ticket Generation
Summary
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted
by an unauthenticated user, leading to account takeover.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus |
Affected:
0 , < 6529
(custom)
|
|
| zohocorp | manageengine_recovery_manager_plus |
Affected:
0 , < 6321
(custom)
|
|
| zohocorp | manageengine_m365_manager_plus |
Affected:
0 , < 4817
(custom)
|
|
| zohocorp | manageengine_adaudit_plus |
Affected:
0 , < 8703
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T03:56:06.337907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T15:48:27.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "manageengine_adselfservice_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "6529",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "manageengine_recovery_manager_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "6321",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "manageengine_m365_manager_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "4817",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "manageengine_adaudit_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "8703",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted\n by an unauthenticated user, leading to account takeover."
}
],
"value": "In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted\n by an unauthenticated user, leading to account takeover."
}
],
"impacts": [
{
"capecId": "CAPEC-59",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-59 Session Credential Falsification through Prediction"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340: Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T08:19:30.638Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Account Takeover via Predictable SSO Ticket Generation",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2026-11374",
"datePublished": "2026-06-23T08:19:30.638Z",
"dateReserved": "2026-06-05T12:25:17.739Z",
"dateUpdated": "2026-06-24T15:48:27.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-9163 (GCVE-0-2018-9163)
Vulnerability from cvelistv5 – Published: 2018-04-02 12:00 – Updated: 2024-08-05 07:17
VLAI
Summary
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.manageengine.com/ad-recovery-manager/… | x_refsource_CONFIRM |
| https://gurelahmet.com/cve-2018-9163-zoho-managee… | x_refsource_MISC |
| http://www.securityfocus.com/bid/103773 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/44666/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/ad-recovery-manager/release-notes.html#5350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/"
},
{
"name": "103773",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103773"
},
{
"name": "44666",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44666/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-03T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/ad-recovery-manager/release-notes.html#5350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/"
},
{
"name": "103773",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103773"
},
{
"name": "44666",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44666/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/ad-recovery-manager/release-notes.html#5350",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/ad-recovery-manager/release-notes.html#5350"
},
{
"name": "https://gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/",
"refsource": "MISC",
"url": "https://gurelahmet.com/cve-2018-9163-zoho-manageengine-recovery-manager-plus-5-3-build-5330-stored-cross-site-scripting-xss-vulnerability/"
},
{
"name": "103773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103773"
},
{
"name": "44666",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44666/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9163",
"datePublished": "2018-04-02T12:00:00.000Z",
"dateReserved": "2018-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:51.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}