Vulnerabilities (CVE)

Filtered by vendor Manageengine
Total 485 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6105 3 Linux, Microsoft, Zohocorp 41 Linux Kernel, Windows, Manageengine Access Manager Plus and 38 more 2023-12-28 N/A 5.5 MEDIUM
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
CVE-2023-48646 1 Zohocorp 1 Manageengine Recoverymanager Plus 2023-12-10 N/A 7.2 HIGH
Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.
CVE-2023-29505 1 Zohocorp 1 Manageengine Network Configuration Manager 2023-12-10 N/A 8.8 HIGH
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.
CVE-2023-38331 1 Zohocorp 1 Manageengine Supportcenter Plus 2023-12-10 N/A 5.4 MEDIUM
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
CVE-2023-35719 1 Zohocorp 1 Manageengine Adselfservice Plus 2023-12-10 N/A 6.8 MEDIUM
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.
CVE-2020-27449 1 Zohocorp 1 Manageengine Password Manager Pro 2023-12-10 N/A 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in the Query Report feature in Zoho ManageEngine Password Manager Pro version 11001 allows remote attackers to execute arbitrary code and steal cookies via a crafted JavaScript payload.
CVE-2023-4769 1 Zohocorp 1 Manageengine Desktop Central 2023-12-10 N/A 8.8 HIGH
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.
CVE-2023-41344 1 Ncsist 1 Mobile Device Manager 2023-12-10 N/A 7.5 HIGH
NCSIST ManageEngine Mobile Device Manager (MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.
CVE-2023-4768 1 Zohocorp 1 Manageengine Desktop Central 2023-12-10 N/A 6.1 MEDIUM
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.
CVE-2023-4767 1 Zohocorp 1 Manageengine Desktop Central 2023-12-10 N/A 6.1 MEDIUM
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.
CVE-2023-38332 1 Zohocorp 1 Manageengine Admanager Plus 2023-12-10 N/A 6.5 MEDIUM
Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user's account via sensitive information disclosure.
CVE-2023-41356 1 Wisdomgarden 1 Tronclass Ilearn 2023-12-10 N/A 6.5 MEDIUM
NCSIST ManageEngine Mobile Device Manager (MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.
CVE-2023-38743 1 Zohocorp 1 Manageengine Admanager Plus 2023-12-10 N/A 7.2 HIGH
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
CVE-2023-38333 1 Zohocorp 1 Manageengine Applications Manager 2023-12-10 N/A 6.1 MEDIUM
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
CVE-2023-41904 1 Zohocorp 1 Manageengine Admanager Plus 2023-12-10 N/A 5.4 MEDIUM
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.
CVE-2023-28342 1 Zohocorp 1 Manageengine Adselfservice Plus 2023-12-10 N/A 7.5 HIGH
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
CVE-2023-31099 1 Zohocorp 1 Manageengine Opmanager 2023-12-10 N/A 8.8 HIGH
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
CVE-2023-37308 1 Zohocorp 1 Manageengine Adaudit Plus 2023-12-10 N/A 5.4 MEDIUM
Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.
CVE-2022-36413 1 Zohocorp 1 Manageengine Adselfservice Plus 2023-12-10 N/A 9.1 CRITICAL
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
CVE-2023-28340 1 Zohocorp 1 Manageengine Applications Manager 2023-12-10 N/A 6.5 MEDIUM
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.