Filtered by vendor Zohocorp
Subscribe
Total
542 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5366 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-09-29 | N/A | 8.1 HIGH |
|
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report.
|
|||||
| CVE-2025-3835 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-09-29 | N/A | 9.6 CRITICAL |
|
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
|
|||||
| CVE-2024-52323 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2025-09-26 | N/A | 8.1 HIGH |
|
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.
|
|||||
| CVE-2022-36923 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2025-09-24 | N/A | 7.5 HIGH |
|
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
|
|||||
| CVE-2025-3444 | 1 Zohocorp | 2 Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2025-06-17 | N/A | 6.5 MEDIUM |
|
Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.
|
|||||
| CVE-2024-27314 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2025-06-17 | N/A | 2.4 LOW |
|
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.
|
|||||
| CVE-2025-3834 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.1 HIGH |
|
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.
|
|||||
| CVE-2025-3836 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
|
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.
|
|||||
| CVE-2025-41403 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
|
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.
|
|||||
| CVE-2025-36527 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
|
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.
|
|||||
| CVE-2025-41407 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
|
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
|
|||||
| CVE-2025-27709 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
|
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
|
|||||
| CVE-2025-36528 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
|
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
|
|||||
| CVE-2025-41444 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
|
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
|
|||||
| CVE-2023-48793 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-11 | N/A | 9.8 CRITICAL |
|
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
|
|||||
| CVE-2023-48792 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-11 | N/A | 9.8 CRITICAL |
|
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
|
|||||
| CVE-2023-49943 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-06-02 | N/A | 5.4 MEDIUM |
|
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.
|
|||||
| CVE-2023-29505 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2025-05-30 | N/A | 4.3 MEDIUM |
|
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.
|
|||||
| CVE-2022-24447 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
|
|||||
| CVE-2022-24446 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 3.5 LOW | 4.3 MEDIUM |
|
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
|
|||||
| CVE-2021-31531 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-05-30 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
|
|||||
| CVE-2021-31530 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-05-30 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
|
|||||
| CVE-2021-31160 | 1 Zohocorp | 2 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp | 2025-05-30 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
|
|||||
| CVE-2020-8422 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2025-05-30 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
|
|||||
| CVE-2020-15595 | 1 Zohocorp | 1 Manageengine Application Control Plus | 2025-05-30 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.
|
|||||
| CVE-2020-15594 | 1 Zohocorp | 1 Manageengine Application Control Plus | 2025-05-30 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.
|
|||||
| CVE-2019-7162 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-05-30 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
|
|||||
| CVE-2019-7161 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-05-30 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
|
|||||
| CVE-2019-3905 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-05-30 | 7.5 HIGH | 10.0 CRITICAL |
|
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
|
|||||
| CVE-2024-36036 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-16 | N/A | 4.2 MEDIUM |
|
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.
|
|||||
| CVE-2023-49330 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-12 | N/A | 8.3 HIGH |
|
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
|
|||||
| CVE-2023-49334 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 8.3 HIGH |
|
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
|
|||||
| CVE-2023-49333 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 8.3 HIGH |
|
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.
|
|||||
| CVE-2024-21791 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 4.7 MEDIUM |
|
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option.
Note: Non-admin users cannot exploit this vulnerability.
|
|||||
| CVE-2023-49335 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 8.3 HIGH |
|
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.
|
|||||
| CVE-2023-49332 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 8.3 HIGH |
|
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.
|
|||||
| CVE-2023-49331 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-09 | N/A | 8.3 HIGH |
|
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
|
|||||
| CVE-2023-38743 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-05-05 | N/A | 7.2 HIGH |
|
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
|
|||||
| CVE-2022-43672 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-05-01 | N/A | 9.8 CRITICAL |
|
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
|
|||||
| CVE-2022-43671 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-05-01 | N/A | 9.8 CRITICAL |
|
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
|
|||||