Filtered by vendor Zohocorp
Subscribe
Total
542 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24305 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
|
|||||
| CVE-2022-23863 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
|
|||||
| CVE-2022-23779 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
|
|||||
| CVE-2022-23050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
|
|||||
| CVE-2021-46166 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.
|
|||||
| CVE-2021-46165 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined.
|
|||||
| CVE-2021-46164 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.
|
|||||
| CVE-2021-46065 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
|
|||||
| CVE-2021-44757 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.
|
|||||
| CVE-2021-44676 | 1 Zohocorp | 1 Manageengine Access Manager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
|
|||||
| CVE-2021-44675 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
|
|||||
| CVE-2021-44652 | 1 Zohocorp | 1 Manageengine O365 Manager Plus | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.
|
|||||
| CVE-2021-44651 | 1 Zohocorp | 2 Log360, Manageengine Cloud Security Plus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.
|
|||||
| CVE-2021-44650 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.
|
|||||
| CVE-2021-44526 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
|
|||||
| CVE-2021-44525 | 1 Zohocorp | 1 Manageengine Pam360 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
|
|||||
| CVE-2021-44514 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
|
|||||
| CVE-2021-43319 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
|
|||||
| CVE-2021-43296 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
|
|||||
| CVE-2021-43295 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
|
|||||
| CVE-2021-43294 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
|
|||||
| CVE-2021-42955 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Remote Access Plus | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
|
Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.
|
|||||
| CVE-2021-42954 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Remote Access Plus | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.
|
|||||
| CVE-2021-42847 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
|
|||||
| CVE-2021-42099 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
|
|||||
| CVE-2021-42002 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
|
|||||
| CVE-2021-41833 | 1 Zohocorp | 1 Manageengine Patch Connect Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
|
|||||
| CVE-2021-41829 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.
|
|||||
| CVE-2021-41828 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
|
|||||
| CVE-2021-41827 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
|
|||||
| CVE-2021-41288 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
|
|||||
| CVE-2021-41081 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.
|
|||||
| CVE-2021-41080 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.
|
|||||
| CVE-2021-41075 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
|
|||||
| CVE-2021-40493 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
|
|||||
| CVE-2021-40178 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
|
|||||
| CVE-2021-40177 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
|
|||||
| CVE-2021-40176 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
|
|||||
| CVE-2021-40175 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
|
|||||
| CVE-2021-40174 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
|
|||||