Zoho patched a high-severity vulnerability in its ADSelfService Plus software that exposed customers to significant risk until remediation. The flaw allowed attackers to bypass authentication and access sensitive enrollment data used for password management and single sign-on services. This could have led to account takeovers and weakened an organization's overall security posture. Zoho addressed the issue promptly with a software update and urged users to apply the patch. Although the flaw had a CVSSv3.1 score of 8.1, no customer data breaches were reported. The incident highlights the importance of maintaining rigorous security measures, such as multi-factor authentication, to safeguard against compromises of identity management systems.
Source: https://cybersecuritynews.com/zoho-adselfservice-plus-vulnerability/
"id": "zoh411030525",
"linkid": "zoho",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"