Vulnerabilities (CVE)

Filtered by vendor Zohocorp
Total 514 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29457 1 Zohocorp 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more 2024-11-21 6.5 MEDIUM 8.8 HIGH
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
CVE-2022-28987 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
CVE-2022-28219 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-21 7.5 HIGH 9.8 CRITICAL
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
CVE-2022-27908 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 6.5 MEDIUM 8.8 HIGH
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
CVE-2022-26777 1 Zohocorp 1 Manageengine Remote Access Plus 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
CVE-2022-26653 1 Zohocorp 1 Manageengine Remote Access Plus 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).
CVE-2022-25373 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 3.5 LOW 5.4 MEDIUM
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
CVE-2022-25245 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
CVE-2022-24978 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-21 6.5 MEDIUM 8.8 HIGH
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
CVE-2022-24681 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
CVE-2022-24306 1 Zohocorp 1 Manageengine Sharepoint Manager Plus 2024-11-21 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.
CVE-2022-24305 1 Zohocorp 1 Manageengine Sharepoint Manager Plus 2024-11-21 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
CVE-2022-23863 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
CVE-2022-23779 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
CVE-2022-23050 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.5 MEDIUM 7.2 HIGH
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
CVE-2021-46166 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.
CVE-2021-46165 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 4.6 MEDIUM 7.8 HIGH
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined.
CVE-2021-46164 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 6.5 MEDIUM 8.8 HIGH
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.
CVE-2021-46065 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) vulnerability in the Secondary Email field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows attackers to inject arbitrary JavaScript code.
CVE-2021-44757 1 Zohocorp 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.