Filtered by vendor Zohocorp
Subscribe
Total
487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49574 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-20 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. | |||||
| CVE-2023-34197 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2024-11-13 | N/A | 5.4 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. | |||||
| CVE-2024-24409 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-13 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. | |||||
| CVE-2024-10839 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-13 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option. | |||||
| CVE-2024-36485 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-07 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. | |||||
| CVE-2024-9459 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-11-06 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. | |||||
| CVE-2024-48878 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-05 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. | |||||
| CVE-2023-50785 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-10-28 | N/A | 2.7 LOW |
| Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | |||||
| CVE-2024-6204 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-09-19 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. | |||||
| CVE-2024-5546 | 1 Zohocorp | 2 Manageengine Pam360, Manageengine Password Manager Pro | 2024-09-19 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. | |||||
| CVE-2022-47966 | 1 Zohocorp | 22 Manageengine Access Manager Plus, Manageengine Ad360, Manageengine Adaudit Plus and 19 more | 2024-09-16 | N/A | 9.8 CRITICAL |
| Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active). | |||||
| CVE-2024-38871 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-09-11 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. | |||||
| CVE-2024-38872 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-09-11 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. | |||||
| CVE-2024-38868 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2024-09-04 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 | |||||
| CVE-2024-38869 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2024-08-30 | N/A | 5.4 MEDIUM |
| Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. | |||||
| CVE-2024-5586 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. | |||||
| CVE-2024-5556 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. | |||||
| CVE-2024-5490 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. | |||||
| CVE-2024-5467 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. | |||||
| CVE-2024-41150 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2024-08-27 | N/A | 6.1 MEDIUM |
| An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. | |||||