VYPR

ManageEngine Application Control Plus

by Zoho

CVEs (46)

  • CVE-2017-11739MedMay 23, 2019
    risk 0.40cvss 6.1epss 0.03

    In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be…

  • CVE-2019-19799MedMar 13, 2020
    risk 0.35cvss 5.3epss 0.06

    Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.

  • CVE-2019-19800MedFeb 6, 2020
    risk 0.35cvss 5.3epss 0.04

    Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.

  • CVE-2017-11557MedMay 23, 2019
    risk 0.35cvss 5.3epss 0.04

    An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.

  • CVE-2020-15595MedSep 30, 2020
    risk 0.28cvss 4.3epss 0.02

    An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets…

  • CVE-2020-15594MedSep 30, 2020
    risk 0.28cvss 4.3epss 0.02

    An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the…

Page 3 of 3