Filtered by vendor Zohocorp
Subscribe
Total
458 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29535 | 1 Zohocorp | 1 Manageengine Opmanager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | |||||
CVE-2021-46065 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. | |||||
CVE-2021-44651 | 1 Zohocorp | 2 Log360, Manageengine Cloud Security Plus | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. | |||||
CVE-2021-37925 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. | |||||
CVE-2021-20131 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. | |||||
CVE-2021-37926 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
CVE-2020-28679 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | |||||
CVE-2021-42954 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Remote Access Plus | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc. | |||||
CVE-2021-37931 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
CVE-2021-44676 | 1 Zohocorp | 1 Manageengine Access Manager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | |||||
CVE-2021-44757 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | |||||
CVE-2021-42955 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Remote Access Plus | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account. | |||||
CVE-2021-42099 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | |||||
CVE-2021-37927 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. | |||||
CVE-2021-37414 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. | |||||
CVE-2021-37423 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. | |||||
CVE-2021-37762 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. | |||||
CVE-2021-44515 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. | |||||
CVE-2021-41827 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive. | |||||
CVE-2021-38298 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. |