Filtered by vendor Zohocorp
Subscribe
Total
418 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35405 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2022-11-04 | N/A | 9.8 CRITICAL |
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.) | |||||
CVE-2022-26777 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2022-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | |||||
CVE-2022-26653 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2022-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | |||||
CVE-2022-28219 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2022-10-25 | 7.5 HIGH | 9.8 CRITICAL |
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | |||||
CVE-2022-25373 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-10-07 | 3.5 LOW | 5.4 MEDIUM |
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | |||||
CVE-2020-8838 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2022-10-07 | 4.9 MEDIUM | 6.4 MEDIUM |
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack. | |||||
CVE-2020-10189 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-10-07 | 10.0 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. | |||||
CVE-2020-27733 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-10-06 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | |||||
CVE-2020-9346 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | |||||
CVE-2022-24681 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | |||||
CVE-2020-11946 | 1 Zohocorp | 1 Manageengine Opmanager | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. | |||||
CVE-2022-29457 | 1 Zohocorp | 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more | 2022-09-30 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | |||||
CVE-2022-40300 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2022-09-20 | N/A | 9.8 CRITICAL |
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | |||||
CVE-2022-38772 | 1 Zohocorp | 6 Manageengine Netflow Analyzer, Manageengine Network Configuration Manager, Manageengine Opmanager and 3 more | 2022-09-02 | N/A | 8.8 HIGH |
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature. | |||||
CVE-2020-21641 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2022-08-16 | N/A | 7.5 HIGH |
Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file. | |||||
CVE-2020-21642 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2022-08-16 | N/A | 9.8 CRITICAL |
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. | |||||
CVE-2022-37024 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2022-08-16 | N/A | 8.8 HIGH |
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. | |||||
CVE-2022-36923 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2022-08-16 | N/A | 7.5 HIGH |
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. | |||||
CVE-2022-36412 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-08-02 | N/A | 9.8 CRITICAL |
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.) | |||||
CVE-2022-35404 | 1 Zohocorp | 4 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 1 more | 2022-07-29 | N/A | 8.2 HIGH |
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. |