Filtered by vendor Zohocorp Subscriptions
Total 496 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-5466 1 Zohocorp 5 Manageengine Opmanager, Manageengine Opmanager Msp, Manageengine Opmanager Plus and 2 more 2024-12-19 8.8 High
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.
CVE-2020-15595 1 Zohocorp 1 Manageengine Application Control Plus 2024-12-18 4.3 Medium
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.
CVE-2020-15594 1 Zohocorp 1 Manageengine Application Control Plus 2024-12-18 4.3 Medium
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.
CVE-2024-27310 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-27 5.3 Medium
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.
CVE-2024-27313 1 Zohocorp 1 Manageengine Pam360 2024-11-27 6.3 Medium
Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.
CVE-2024-36037 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-11-27 5.5 Medium
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.
CVE-2023-31492 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-27 6.5 Medium
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
CVE-2024-21775 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-26 8.3 High
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
CVE-2024-49574 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-26 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
CVE-2024-5608 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-11-26 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
CVE-2024-27312 2 Manageengine, Zohocorp 2 Pam360, Manageengine Pam360 2024-11-25 8.1 High
Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.
CVE-2023-35786 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-22 4.9 Medium
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
CVE-2024-36518 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-11-22 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.
CVE-2024-5471 1 Zohocorp 1 Manageengine Ddi Central 2024-11-21 8.8 High
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.
CVE-2024-38872 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-21 8.3 High
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
CVE-2024-38871 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-21 8.3 High
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
CVE-2024-36038 1 Zohocorp 1 Manageengine Opmanager Plus 2024-11-21 6.3 Medium
Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option.
CVE-2024-27311 1 Zohocorp 1 Manageengine Ddi Central 2024-11-21 5.5 Medium
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
CVE-2024-0269 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-21 8.3 High
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.
CVE-2024-0253 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-21 8.3 High
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.