VYPR

ManageEngine O365 Manager Plus

by Zoho

CVEs (49)

  • CVE-2021-36771MedJul 17, 2021
    risk 0.40cvss 6.1epss 0.01

    Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.

  • CVE-2020-35594MedMar 5, 2021
    risk 0.40cvss 6.1epss 0.01

    Zoho ManageEngine ADManager Plus before 7066 allows XSS.

  • CVE-2018-9163MedApr 2, 2018
    risk 0.38cvss 5.4epss 0.05

    A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.

  • CVE-2023-41904MedSep 27, 2023
    risk 0.35cvss 5.4epss 0.02

    Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.

  • CVE-2021-37922MedOct 7, 2021
    risk 0.35cvss 5.3epss 0.02

    Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.

  • CVE-2023-39912MedAug 31, 2023
    risk 0.32cvss 4.9epss 0.04

    Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.

  • CVE-2023-35786MedJul 5, 2023
    risk 0.32cvss 4.9epss 0.03

    Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.

  • CVE-2022-24446MedMar 1, 2022
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.

  • CVE-2015-1026Mar 11, 2015
    risk 0.00cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText…

Page 3 of 3