Filtered by vendor Zohocorp Subscriptions
Total 496 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-40300 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2024-11-21 9.8 Critical
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
CVE-2022-38772 1 Zohocorp 6 Manageengine Netflow Analyzer, Manageengine Network Configuration Manager, Manageengine Opmanager and 3 more 2024-11-21 8.8 High
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
CVE-2022-37024 1 Zohocorp 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more 2024-11-21 8.8 High
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.
CVE-2022-36923 1 Zohocorp 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more 2024-11-21 7.5 High
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
CVE-2022-36413 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 9.1 Critical
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
CVE-2022-36412 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 9.8 Critical
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)
CVE-2022-35405 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2024-11-21 9.8 Critical
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
CVE-2022-35404 1 Zohocorp 4 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 1 more 2024-11-21 8.2 High
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.
CVE-2022-35403 1 Zohocorp 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more 2024-11-21 7.5 High
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
CVE-2022-34829 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 7.5 High
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
CVE-2022-32551 1 Zohocorp 1 Manageengine Servicedesk Plus Msp 2024-11-21 7.5 High
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
CVE-2022-29535 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 9.8 Critical
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.
CVE-2022-29457 1 Zohocorp 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more 2024-11-21 8.8 High
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
CVE-2022-29081 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2024-11-21 9.8 Critical
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
CVE-2022-28987 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 5.3 Medium
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
CVE-2022-28810 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 6.8 Medium
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
CVE-2022-28219 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-21 9.8 Critical
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
CVE-2022-27908 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 8.8 High
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
CVE-2022-26777 1 Zohocorp 1 Manageengine Remote Access Plus 2024-11-21 5.3 Medium
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
CVE-2022-26653 1 Zohocorp 1 Manageengine Remote Access Plus 2024-11-21 5.3 Medium
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).