Filtered by vendor Manageengine
Subscribe
Total
485 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28960 | 1 Manageengine | 1 Desktop Central | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. | |||||
CVE-2021-37422 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | |||||
CVE-2021-37929 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
CVE-2021-20130 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. | |||||
CVE-2021-37930 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
CVE-2021-37419 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | |||||
CVE-2021-33617 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. | |||||
CVE-2021-40175 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | |||||
CVE-2021-40178 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. | |||||
CVE-2021-20081 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Servicedesk Plus | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. | |||||
CVE-2021-3287 | 1 Zohocorp | 1 Manageengine Opmanager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | |||||
CVE-2021-28382 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD. | |||||
CVE-2021-40174 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | |||||
CVE-2021-20080 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. | |||||
CVE-2021-40177 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | |||||
CVE-2021-31160 | 1 Zohocorp | 2 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. | |||||
CVE-2021-31857 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. | |||||
CVE-2021-40173 | 1 Zohocorp | 1 Manageengine Cloud Security Plus | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | |||||
CVE-2021-33911 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | |||||
CVE-2021-40172 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. |