Filtered by vendor Zohocorp Subscriptions
Total 496 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-44650 1 Zohocorp 1 Manageengine M365 Manager Plus 2024-11-21 7.2 High
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.
CVE-2021-44526 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-11-21 9.8 Critical
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
CVE-2021-44525 1 Zohocorp 1 Manageengine Pam360 2024-11-21 9.8 Critical
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
CVE-2021-44515 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 9.8 Critical
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
CVE-2021-44514 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 9.8 Critical
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
CVE-2021-44077 1 Zohocorp 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus 2024-11-21 9.8 Critical
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
CVE-2021-43319 1 Zohocorp 1 Manageengine Network Configuration Manager 2024-11-21 9.8 Critical
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
CVE-2021-43296 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 7.5 High
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVE-2021-43295 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 6.1 Medium
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
CVE-2021-43294 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 6.1 Medium
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
CVE-2021-42955 2 Microsoft, Zohocorp 2 Windows, Manageengine Remote Access Plus 2024-11-21 7.3 High
Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.
CVE-2021-42954 2 Microsoft, Zohocorp 2 Windows, Manageengine Remote Access Plus 2024-11-21 7.8 High
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.
CVE-2021-42847 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-21 9.8 Critical
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
CVE-2021-42099 1 Zohocorp 1 Manageengine M365 Manager Plus 2024-11-21 9.8 Critical
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
CVE-2021-42002 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-21 9.8 Critical
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
CVE-2021-41833 1 Zohocorp 1 Manageengine Patch Connect Plus 2024-11-21 9.8 Critical
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
CVE-2021-41829 1 Zohocorp 1 Manageengine Remote Access Plus 2024-11-21 7.5 High
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.
CVE-2021-41828 1 Zohocorp 1 Manageengine Remote Access Plus 2024-11-21 7.5 High
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
CVE-2021-41827 1 Zohocorp 1 Manageengine Remote Access Plus 2024-11-21 7.5 High
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
CVE-2021-41288 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 9.8 Critical
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.