ManageEngine O365 Manager Plus
by Zoho
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37918 | 0.04 | — | 0.44 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2021-37926 | 0.04 | — | 0.44 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2021-40493 | 0.03 | — | 0.39 | Oct 13, 2021 | Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. | |||
| CVE-2021-37762 | 0.03 | — | 0.37 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. | |||
| CVE-2021-37920 | 0.03 | — | 0.37 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2021-37923 | 0.03 | — | 0.37 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2021-37924 | 0.03 | — | 0.37 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2021-37930 | 0.03 | — | 0.37 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2021-41288 | 0.03 | — | 0.32 | Sep 30, 2021 | Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. | |||
| CVE-2021-37761 | 0.03 | — | 0.37 | Sep 27, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. | |||
| CVE-2021-37539 | 0.03 | — | 0.36 | Sep 27, 2021 | Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. | |||
| CVE-2021-42099 | 0.02 | — | 0.22 | Nov 30, 2021 | Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | |||
| CVE-2021-41075 | 0.02 | — | 0.26 | Oct 13, 2021 | The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. | |||
| CVE-2021-37925 | 0.02 | — | 0.21 | Sep 22, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. | |||
| CVE-2021-42002 | 0.01 | — | 0.09 | Nov 11, 2021 | Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | |||
| CVE-2021-33911 | 0.01 | — | 0.07 | Jul 17, 2021 | Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | |||
| CVE-2021-28382 | 0.01 | — | 0.18 | Jun 7, 2021 | Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD. | |||
| CVE-2021-44652 | 0.00 | — | 0.01 | Jan 12, 2022 | Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. | |||
| CVE-2021-44650 | 0.00 | — | 0.05 | Jan 12, 2022 | Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. | |||
| CVE-2021-38298 | 0.00 | — | 0.06 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. |
- CVE-2021-37918Oct 7, 2021risk 0.04cvss —epss 0.44
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2021-37926Oct 7, 2021risk 0.04cvss —epss 0.44
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2021-40493Oct 13, 2021risk 0.03cvss —epss 0.39
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
- CVE-2021-37762Oct 7, 2021risk 0.03cvss —epss 0.37
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
- CVE-2021-37920Oct 7, 2021risk 0.03cvss —epss 0.37
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2021-37923Oct 7, 2021risk 0.03cvss —epss 0.37
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2021-37924Oct 7, 2021risk 0.03cvss —epss 0.37
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2021-37930Oct 7, 2021risk 0.03cvss —epss 0.37
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2021-41288Sep 30, 2021risk 0.03cvss —epss 0.32
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
- CVE-2021-37761Sep 27, 2021risk 0.03cvss —epss 0.37
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
- CVE-2021-37539Sep 27, 2021risk 0.03cvss —epss 0.36
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
- CVE-2021-42099Nov 30, 2021risk 0.02cvss —epss 0.22
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
- CVE-2021-41075Oct 13, 2021risk 0.02cvss —epss 0.26
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
- CVE-2021-37925Sep 22, 2021risk 0.02cvss —epss 0.21
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
- CVE-2021-42002Nov 11, 2021risk 0.01cvss —epss 0.09
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
- CVE-2021-33911Jul 17, 2021risk 0.01cvss —epss 0.07
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
- CVE-2021-28382Jun 7, 2021risk 0.01cvss —epss 0.18
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.
- CVE-2021-44652Jan 12, 2022risk 0.00cvss —epss 0.01
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.
- CVE-2021-44650Jan 12, 2022risk 0.00cvss —epss 0.05
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.
- CVE-2021-38298Oct 7, 2021risk 0.00cvss —epss 0.06
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
Page 1 of 2