VYPR

ManageEngine Remote Access Plus

by Zoho

CVEs (11)

  • CVE-2022-47523CriJan 5, 2023
    risk 0.69cvss 9.8epss 0.71

    Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

  • CVE-2022-43672CriNov 12, 2022
    risk 0.69cvss 9.8epss 0.67

    Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

  • CVE-2019-11361HigMar 19, 2020
    risk 0.57cvss 8.8epss 0.03

    Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover.

  • CVE-2021-41829HigSep 30, 2021
    risk 0.49cvss 7.5epss 0.03

    Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.

  • CVE-2021-41828HigSep 30, 2021
    risk 0.49cvss 7.5epss 0.05

    Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.

  • CVE-2021-41827HigSep 30, 2021
    risk 0.49cvss 7.5epss 0.05

    Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.

  • CVE-2022-26777MedApr 16, 2022
    risk 0.35cvss 5.3epss 0.02

    Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.

  • CVE-2022-26653MedApr 16, 2022
    risk 0.35cvss 5.3epss 0.02

    Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).

  • CVE-2019-16268MedFeb 3, 2021
    risk 0.31cvss 4.8epss 0.02

    Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.

  • CVE-2019-20474MedFeb 17, 2020
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network…

  • CVE-2020-8422MedJan 31, 2020
    risk 0.28cvss 4.3epss 0.01

    An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name,…