Filtered by vendor Zohocorp
Subscribe
Total
460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8509 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | |||||
| CVE-2021-43319 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2022-04-06 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | |||||
| CVE-2019-19799 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-03-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | |||||
| CVE-2021-37419 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2022-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | |||||
| CVE-2022-24306 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | |||||
| CVE-2022-23779 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. | |||||
| CVE-2021-46065 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2022-02-02 | 3.5 LOW | 4.8 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. | |||||
| CVE-2021-44652 | 1 Zohocorp | 1 Manageengine O365 Manager Plus | 2022-01-25 | 6.8 MEDIUM | 7.8 HIGH |
| Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. | |||||
| CVE-2021-44651 | 1 Zohocorp | 2 Log360, Manageengine Cloud Security Plus | 2022-01-24 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. | |||||
| CVE-2021-44650 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2022-01-24 | 6.5 MEDIUM | 7.2 HIGH |
| Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. | |||||
| CVE-2020-28679 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-01-19 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | |||||
| CVE-2021-46165 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-01-14 | 4.6 MEDIUM | 7.8 HIGH |
| Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. | |||||
| CVE-2021-46164 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-01-14 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | |||||
| CVE-2021-46166 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-01-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | |||||
| CVE-2021-20147 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists. | |||||
| CVE-2021-44675 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2022-01-03 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | |||||
| CVE-2019-20474 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2022-01-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF. | |||||
| CVE-2021-37414 | 1 Zohocorp | 1 Manageengine Desktop Central | 2021-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. | |||||
| CVE-2021-44514 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | |||||
| CVE-2021-42099 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | |||||