VYPR

Asset Explorer

by Zoho

CVEs (5)

  • CVE-2023-23075Feb 1, 2023
    risk 0.01cvss epss 0.03

    Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.

  • CVE-2022-35403Jul 12, 2022
    risk 0.00cvss epss 0.07

    Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with…

  • CVE-2021-20110Jul 19, 2021
    risk 0.00cvss epss 0.07

    Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on…

  • CVE-2021-20108Jul 19, 2021
    risk 0.00cvss epss 0.03

    Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be…

  • CVE-2021-20109Jul 19, 2021
    risk 0.00cvss epss 0.01

    Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as…