Filtered by vendor Manageengine
Subscribe
Total
409 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-06-08 | 6.5 MEDIUM | 7.2 HIGH |
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | |||||
CVE-2022-25245 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2022-06-07 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | |||||
CVE-2022-28987 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-06-01 | 5.0 MEDIUM | 5.3 MEDIUM |
ManageEngine ADSelfService Plus v6.1 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. | |||||
CVE-2022-24681 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | |||||
CVE-2022-29535 | 1 Zohocorp | 1 Manageengine Opmanager | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | |||||
CVE-2021-41081 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search. | |||||
CVE-2021-41080 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search. | |||||
CVE-2022-29457 | 1 Zohocorp | 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more | 2022-05-11 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | |||||
CVE-2022-29081 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2022-05-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. | |||||
CVE-2021-33911 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | |||||
CVE-2020-15588 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication. | |||||
CVE-2021-42847 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. | |||||
CVE-2021-43296 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | |||||
CVE-2021-43295 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. | |||||
CVE-2021-43294 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. | |||||
CVE-2022-28810 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-04-26 | 7.1 HIGH | 6.8 MEDIUM |
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field. | |||||
CVE-2022-27908 | 1 Zohocorp | 1 Manageengine Opmanager | 2022-04-26 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | |||||
CVE-2022-26777 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2022-04-26 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | |||||
CVE-2022-26653 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2022-04-26 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | |||||
CVE-2021-3287 | 1 Zohocorp | 1 Manageengine Opmanager | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. |