cpe:/a:zohocorp:manageengine_adselfservice_plus:4.4 CVE-2010-3273 2011-02-17T13:00:02.997-05:00 2017-08-16T21:32:56.617-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2011-02-17T14:05:00.000-05:00 BUGTRAQ 20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities SECUNIA 43241 BID 46331 OSVDB 70869 SREASON 8089 VUPEN ADV-2011-0392 XF adselfservice-resetresult-security-bypass(65348) MISC http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.