Vulnerabilities (CVE)

Filtered by vendor Manageengine Subscribe
Total 409 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-23050 1 Zohocorp 1 Manageengine Applications Manager 2022-06-08 6.5 MEDIUM 7.2 HIGH
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
CVE-2022-25245 1 Zohocorp 1 Manageengine Servicedesk Plus 2022-06-07 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
CVE-2022-28987 1 Zohocorp 1 Manageengine Adselfservice Plus 2022-06-01 5.0 MEDIUM 5.3 MEDIUM
ManageEngine ADSelfService Plus v6.1 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
CVE-2022-24681 1 Zohocorp 1 Manageengine Adselfservice Plus 2022-05-17 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
CVE-2022-29535 1 Zohocorp 1 Manageengine Opmanager 2022-05-17 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.
CVE-2021-41081 1 Zohocorp 1 Manageengine Network Configuration Manager 2022-05-16 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search.
CVE-2021-41080 1 Zohocorp 1 Manageengine Network Configuration Manager 2022-05-16 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search.
CVE-2022-29457 1 Zohocorp 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more 2022-05-11 6.5 MEDIUM 8.8 HIGH
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
CVE-2022-29081 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2022-05-10 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
CVE-2021-33911 1 Zohocorp 1 Manageengine Admanager Plus 2022-05-03 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
CVE-2020-15588 1 Zohocorp 1 Manageengine Desktop Central 2022-04-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication.
CVE-2021-42847 1 Zohocorp 1 Manageengine Adaudit Plus 2022-04-27 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
CVE-2021-43296 1 Zohocorp 1 Manageengine Supportcenter Plus 2022-04-27 5.0 MEDIUM 7.5 HIGH
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVE-2021-43295 1 Zohocorp 1 Manageengine Supportcenter Plus 2022-04-27 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
CVE-2021-43294 1 Zohocorp 1 Manageengine Supportcenter Plus 2022-04-27 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
CVE-2022-28810 1 Zohocorp 1 Manageengine Adselfservice Plus 2022-04-26 7.1 HIGH 6.8 MEDIUM
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
CVE-2022-27908 1 Zohocorp 1 Manageengine Opmanager 2022-04-26 6.5 MEDIUM 8.8 HIGH
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
CVE-2022-26777 1 Zohocorp 1 Manageengine Remote Access Plus 2022-04-26 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
CVE-2022-26653 1 Zohocorp 1 Manageengine Remote Access Plus 2022-04-26 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).
CVE-2021-3287 1 Zohocorp 1 Manageengine Opmanager 2022-04-18 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.