high
7.5
CWE
798
Advisory Published
Updated

CVE-2019-7161

First published: Mon Mar 18 2019(Updated: )

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
ADSelfService Plus=5.0-5000
ADSelfService Plus=5.0-5001
ADSelfService Plus=5.0-5002
ADSelfService Plus=5.0-5010
ADSelfService Plus=5.0-5011
ADSelfService Plus=5.0-5020
ADSelfService Plus=5.0-5021
ADSelfService Plus=5.0-5022
ADSelfService Plus=5.0-5030
ADSelfService Plus=5.0-5032
ADSelfService Plus=5.0-5040
ADSelfService Plus=5.0-5041
ADSelfService Plus=5.1-5100
ADSelfService Plus=5.1-5101
ADSelfService Plus=5.1-5102
ADSelfService Plus=5.1-5103
ADSelfService Plus=5.1-5104
ADSelfService Plus=5.1-5105
ADSelfService Plus=5.1-5106
ADSelfService Plus=5.1-5107
ADSelfService Plus=5.1-5108
ADSelfService Plus=5.1-5109
ADSelfService Plus=5.1-5110
ADSelfService Plus=5.1-5111
ADSelfService Plus=5.1-5112
ADSelfService Plus=5.1-5113
ADSelfService Plus=5.1-5114
ADSelfService Plus=5.1-5115
ADSelfService Plus=5.2-5200
ADSelfService Plus=5.2-5201
ADSelfService Plus=5.2-5202
ADSelfService Plus=5.2-5203
ADSelfService Plus=5.2-5204
ADSelfService Plus=5.2-5205
ADSelfService Plus=5.2-5206
ADSelfService Plus=5.2-5207
ADSelfService Plus=5.3-5300
ADSelfService Plus=5.3-5301
ADSelfService Plus=5.3-5302
ADSelfService Plus=5.3-5303
ADSelfService Plus=5.3-5304
ADSelfService Plus=5.3-5305
ADSelfService Plus=5.3-5306
ADSelfService Plus=5.3-5307
ADSelfService Plus=5.3-5308
ADSelfService Plus=5.3-5309
ADSelfService Plus=5.3-5310
ADSelfService Plus=5.3-5311
ADSelfService Plus=5.3-5312
ADSelfService Plus=5.3-5313
ADSelfService Plus=5.3-5314
ADSelfService Plus=5.3-5315
ADSelfService Plus=5.3-5316
ADSelfService Plus=5.3-5317
ADSelfService Plus=5.3-5318
ADSelfService Plus=5.3-5319
ADSelfService Plus=5.3-5320
ADSelfService Plus=5.3-5321
ADSelfService Plus=5.3-5322
ADSelfService Plus=5.3-5323
ADSelfService Plus=5.3-5324
ADSelfService Plus=5.3-5325
ADSelfService Plus=5.3-5326
ADSelfService Plus=5.3-5327
ADSelfService Plus=5.3-5328
ADSelfService Plus=5.3-5329
ADSelfService Plus=5.3-5330
ADSelfService Plus=5.4-5400
ADSelfService Plus=5.5-5500
ADSelfService Plus=5.5-5501
ADSelfService Plus=5.5-5502
ADSelfService Plus=5.5-5503
ADSelfService Plus=5.5-5504
ADSelfService Plus=5.5-5505
ADSelfService Plus=5.5-5506
ADSelfService Plus=5.5-5507
ADSelfService Plus=5.5-5508
ADSelfService Plus=5.5-5509
ADSelfService Plus=5.5-5510
ADSelfService Plus=5.5-5511
ADSelfService Plus=5.5-5512
ADSelfService Plus=5.5-5513
ADSelfService Plus=5.5-5514
ADSelfService Plus=5.5-5515
ADSelfService Plus=5.5-5516
ADSelfService Plus=5.5-5517
ADSelfService Plus=5.5-5518
ADSelfService Plus=5.5-5519
ADSelfService Plus=5.5-5520
ADSelfService Plus=5.5-5521
ADSelfService Plus=5.6-5600
ADSelfService Plus=5.6-5601
ADSelfService Plus=5.6-5602
ADSelfService Plus=5.6-5603
ADSelfService Plus=5.6-5604
ADSelfService Plus=5.6-5605
ADSelfService Plus=5.6-5606
ADSelfService Plus=5.6-5607
ADSelfService Plus=5.7-5700
ADSelfService Plus=5.7-5701
ADSelfService Plus=5.7-5702
ADSelfService Plus=5.7-5703
ADSelfService Plus=5.7-5704

Remedy

https://www.manageengine.com/products/self-service-password/release-notes.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-7161?

    CVE-2019-7161 has been assigned a high severity rating due to the use of fixed ciphering keys, allowing potential data decryption by attackers.

  • How do I fix CVE-2019-7161?

    To fix CVE-2019-7161, update to the latest version of Zoho ManageEngine ADSelfService Plus where the issue has been addressed.

  • What impact does CVE-2019-7161 have on confidential data?

    CVE-2019-7161 could lead to unauthorized access to sensitive information, compromising its confidentiality.

  • Which versions of Zoho ManageEngine ADSelfService Plus are affected by CVE-2019-7161?

    CVE-2019-7161 affects various 5.x versions of Zoho ManageEngine ADSelfService Plus, specifically up to build 5704.

  • Is authentication required to exploit CVE-2019-7161?

    Authentication is not required to exploit CVE-2019-7161, making it particularly dangerous for securing sensitive data.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203