VYPR

ManageEngine O365 Manager Plus

by Zoho

CVEs (49)

  • CVE-2021-37761CriSep 27, 2021
    risk 0.64cvss 9.8epss 0.09

    Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.

  • CVE-2021-37927CriSep 22, 2021
    risk 0.64cvss 9.8epss 0.02

    Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.

  • CVE-2021-33911CriJul 17, 2021
    risk 0.64cvss 9.8epss 0.05

    Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.

  • CVE-2022-38772HigAug 29, 2022
    risk 0.63cvss 8.8epss 0.78

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.

  • CVE-2022-37024HigAug 10, 2022
    risk 0.63cvss 8.8epss 0.78

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code…

  • CVE-2023-29084HigApr 13, 2023
    risk 0.58cvss 7.2epss 0.98

    Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.

  • CVE-2017-17552HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.

  • CVE-2023-48646HigNov 22, 2023
    risk 0.53cvss 7.2epss 0.82

    Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.

  • CVE-2021-44652HigJan 12, 2022
    risk 0.51cvss 7.8epss 0.03

    Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

  • CVE-2022-36923HigAug 10, 2022
    risk 0.49cvss 7.5epss 0.08

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and…

  • CVE-2018-19374HigApr 30, 2019
    risk 0.49cvss 7.0epss 0.01

    Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.

  • CVE-2023-38743HigSep 11, 2023
    risk 0.48cvss 7.2epss 0.12

    Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.

  • CVE-2019-12876HigJul 17, 2019
    risk 0.48cvss 7.3epss 0.05

    Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

  • CVE-2022-42904HigNov 18, 2022
    risk 0.47cvss 7.2epss 0.08

    Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.

  • CVE-2021-44650HigJan 12, 2022
    risk 0.47cvss 7.2epss 0.05

    Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.

  • CVE-2023-31492MedAug 17, 2023
    risk 0.43cvss 6.5epss 0.05

    Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.

  • CVE-2018-15740MedAug 28, 2018
    risk 0.43cvss 6.1epss 0.06

    Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.

  • CVE-2018-15608MedAug 28, 2018
    risk 0.43cvss 6.1epss 0.02

    Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.

  • CVE-2023-38332MedAug 4, 2023
    risk 0.42cvss 6.5epss 0.03

    Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.

  • CVE-2021-36772MedJul 17, 2021
    risk 0.40cvss 6.1epss 0.01

    Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.