Filtered by vendor Zohocorp
Total: 458 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37921 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
CVE-2021-44525 | 1 Zohocorp | 1 Manageengine Pam360 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | |||||
CVE-2021-37928 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
CVE-2021-44650 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. | |||||
CVE-2021-37918 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||||
CVE-2021-37420 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. | |||||
CVE-2021-44526 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. | |||||
CVE-2021-20136 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup. | |||||
CVE-2021-41833 | 1 Zohocorp | 1 Manageengine Patch Connect Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. | |||||
CVE-2021-44675 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | |||||
CVE-2021-42847 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. | |||||
CVE-2021-41828 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. | |||||
CVE-2021-46166 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | |||||
CVE-2021-20147 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists. | |||||
CVE-2021-46164 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | |||||
CVE-2021-44514 | 1 Zohocorp | 1 Manageengine Opmanager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | |||||
CVE-2021-20148 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2023-12-10 | 3.5 LOW | 4.3 MEDIUM |
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain. | |||||
CVE-2021-43296 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | |||||
CVE-2021-41080 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. | |||||
CVE-2021-37424 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. |