Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
manageengine_admanager_plus
CVE-2021-33911
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
CVE-2021-20131
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.
CVE-2021-20130
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
CVE-2022-42904
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.