Filtered by vendor Manageengine
Total: 504 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-38872 | | | 2024-07-26 | N/A | 8.3 HIGH |
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. | |||||
CVE-2024-38871 | | | 2024-07-26 | N/A | 8.3 HIGH |
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. | |||||
CVE-2022-47578 | 1 Zohocorp | 1 Manageengine Device Control Plus | 2024-07-22 | N/A | 7.8 HIGH |
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product." | |||||
CVE-2024-27311 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-07-18 | N/A | 8.8 HIGH |
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | |||||
CVE-2024-5471 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-07-18 | N/A | 9.8 CRITICAL |
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. | |||||
CVE-2024-38870 | | | 2024-07-18 | N/A | 3.5 LOW |
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module. | |||||
CVE-2023-35854 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-07-08 | N/A | 9.8 CRITICAL |
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability." | |||||
CVE-2022-47577 | 1 Zohocorp | 1 Manageengine Device Control Plus | 2024-07-03 | N/A | 7.8 HIGH |
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a file to be exchanged outside the laptop/system. VMs can be created by any user (even without admin rights). The data exfiltration can occur without any record in the audit trail of Windows events on the host machine. NOTE: the vendor's position is "it's not a vulnerability in our product." | |||||
CVE-2024-36037 | | | 2024-07-03 | N/A | 5.5 MEDIUM |
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. | |||||
CVE-2024-27314 | | | 2024-07-03 | N/A | 2.4 LOW |
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users. | |||||
CVE-2024-21791 | | | 2024-07-03 | N/A | 4.7 MEDIUM |
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability. | |||||
CVE-2024-0269 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 8.8 HIGH |
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | |||||
CVE-2024-0253 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 8.8 HIGH |
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | |||||
CVE-2023-49335 | | | 2024-07-03 | N/A | 8.3 HIGH |
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details. | |||||
CVE-2023-49334 | | | 2024-07-03 | N/A | 8.3 HIGH |
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report. | |||||
CVE-2023-49333 | | | 2024-07-03 | N/A | 8.3 HIGH |
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature. | |||||
CVE-2023-49332 | | | 2024-07-03 | N/A | 8.3 HIGH |
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. | |||||
CVE-2023-49331 | | | 2024-07-03 | N/A | 8.3 HIGH |
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option. | |||||
CVE-2023-49330 | | | 2024-07-03 | N/A | 8.3 HIGH |
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data. | |||||
CVE-2023-48793 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 9.8 CRITICAL |
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. |