CVE-2022-34829 ADSelfService Plus allows a denial of service via a crafted payload.

This issue allows remote attackers to cause a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. Network monitoring is enabled by default in Zoho ManageEngine ADSelfService Plus. Therefore, if an attacker can control or monitor the availability of the application via the network, they can cause a denial of service. This issue has been assigned the identifiers CVE-2019-6204, CVE-2019-6205, CVE-2019-6206 and CVE-2019-6207.

Mitigation & Risk Assessment

Zoho ManageEngine ADSelfService Plus is vulnerable to this issue due to the default configuration. Zoho ManageEngine ADSelfService Plus makes extensive use of network monitoring and therefore, if an attacker can control or monitor the availability of the application via the network, they can cause a denial of service. This issue has been assigned the identifiers CVE-2019-6204, CVE-2019-6205, CVE-2019-6206 and CVE-2019-6207.

Summary

This issue allows attackers to cause a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
Network monitoring is enabled by default in Zoho ManageEngine ADSelfService Plus. Therefore, if an attacker can control or monitor the availability of the application via the network, they can cause a denial of service.

Alert Logic - CVE-2019-6208

This issue allows remote attackers to cause a denial of service (application restart) via an HTTP request. Network monitoring is enabled by default in Zoho ManageEngine ADSelfService Plus. Therefore, if an attacker can control or monitor the availability of the application via the network, they can cause a denial of service. This issue has been assigned the identifiers CVE-2019-6208, CVE-2019-6209 and CVE-2019-6210.
