Filtered by vendor Zohocorp
Subscribe
Total
484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24306 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | |||||
| CVE-2022-24305 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | |||||
| CVE-2022-23863 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | |||||
| CVE-2022-23779 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. | |||||
| CVE-2022-23050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | |||||
| CVE-2021-46166 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | |||||
| CVE-2021-46165 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. | |||||
| CVE-2021-46164 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | |||||
| CVE-2021-46065 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. | |||||
| CVE-2021-44757 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | |||||
| CVE-2021-44676 | 1 Zohocorp | 1 Manageengine Access Manager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | |||||
| CVE-2021-44675 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | |||||
| CVE-2021-44652 | 1 Zohocorp | 1 Manageengine O365 Manager Plus | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. | |||||
| CVE-2021-44651 | 1 Zohocorp | 2 Log360, Manageengine Cloud Security Plus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. | |||||
| CVE-2021-44650 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. | |||||
| CVE-2021-44526 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. | |||||
| CVE-2021-44525 | 1 Zohocorp | 1 Manageengine Pam360 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | |||||
| CVE-2021-44514 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | |||||
| CVE-2021-43319 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | |||||
| CVE-2021-43296 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | |||||