ReportizFlow
Filtered by vendor Zohocorp
Subscriptions
Total
496 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25373 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 5.4 Medium |
| Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | ||||
| CVE-2022-25245 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 5.3 Medium |
| Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | ||||
| CVE-2022-24978 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 8.8 High |
| Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. | ||||
| CVE-2022-24681 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | ||||
| CVE-2022-24447 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. | ||||
| CVE-2022-24446 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. | ||||
| CVE-2022-24306 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | ||||
| CVE-2022-24305 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | ||||
| CVE-2022-23863 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.5 Medium |
| Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | ||||
| CVE-2022-23779 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 5.3 Medium |
| Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. | ||||
| CVE-2022-23050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 7.2 High |
| ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | ||||
| CVE-2021-46166 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.5 Medium |
| Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | ||||
| CVE-2021-46165 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.8 High |
| Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. | ||||
| CVE-2021-46164 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | ||||
| CVE-2021-46065 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 4.8 Medium |
| A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. | ||||
| CVE-2021-44757 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-11-21 | 9.1 Critical |
| Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | ||||
| CVE-2021-44676 | 1 Zohocorp | 1 Manageengine Access Manager Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | ||||
| CVE-2021-44675 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | ||||
| CVE-2021-44652 | 1 Zohocorp | 1 Manageengine O365 Manager Plus | 2024-11-21 | 7.8 High |
| Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. | ||||
| CVE-2021-44651 | 1 Zohocorp | 2 Log360, Manageengine Cloud Security Plus | 2024-11-21 | 8.8 High |
| Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. | ||||