Filtered by vendor Manageengine
Subscribe
Total
485 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | |||||
CVE-2022-24447 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. | |||||
CVE-2022-26653 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | |||||
CVE-2022-24446 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2023-12-10 | 3.5 LOW | 4.3 MEDIUM |
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. | |||||
CVE-2022-24681 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | |||||
CVE-2022-28810 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2023-12-10 | 7.1 HIGH | 6.8 MEDIUM |
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field. | |||||
CVE-2022-28987 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. | |||||
CVE-2022-24978 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. | |||||
CVE-2022-25245 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | |||||
CVE-2022-23779 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. | |||||
CVE-2022-29081 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. | |||||
CVE-2022-29457 | 1 Zohocorp | 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | |||||
CVE-2022-28219 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | |||||
CVE-2022-27908 | 1 Zohocorp | 1 Manageengine Opmanager | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | |||||
CVE-2022-26777 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | |||||
CVE-2022-24306 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | |||||
CVE-2022-25373 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | |||||
CVE-2022-24305 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | |||||
CVE-2022-29535 | 1 Zohocorp | 1 Manageengine Opmanager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | |||||
CVE-2021-46065 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. |