Vulnerabilities (CVE)

Filtered by vendor Zohocorp Subscribe
Filtered by product Manageengine Applications Manager
Total 52 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-38333 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 N/A 6.1 MEDIUM
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
CVE-2023-29442 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 N/A 6.1 MEDIUM
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
CVE-2023-28341 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 N/A 6.1 MEDIUM
Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.
CVE-2023-28340 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 N/A 6.5 MEDIUM
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
CVE-2022-23050 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.5 MEDIUM 7.2 HIGH
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
CVE-2021-35512 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
CVE-2021-31813 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 3.5 LOW 5.4 MEDIUM
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
CVE-2020-35765 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.5 MEDIUM 8.8 HIGH
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
CVE-2020-28679 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.5 MEDIUM 8.8 HIGH
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
CVE-2020-27995 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.
CVE-2020-27733 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.5 MEDIUM 8.8 HIGH
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
CVE-2020-24743 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
CVE-2020-16267 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.5 MEDIUM 8.8 HIGH
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.
CVE-2020-15927 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.5 MEDIUM 8.8 HIGH
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.
CVE-2020-15533 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
CVE-2020-15521 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .
CVE-2020-15394 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
CVE-2020-14008 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.5 MEDIUM 7.2 HIGH
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
CVE-2020-10816 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.
CVE-2019-19800 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.