ManageEngine O365 Manager Plus
by Zoho
CVEs (49)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36771 | Med | 0.40 | 6.1 | 0.01 | Jul 17, 2021 | Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. | ||
| CVE-2020-35594 | Med | 0.40 | 6.1 | 0.01 | Mar 5, 2021 | Zoho ManageEngine ADManager Plus before 7066 allows XSS. | ||
| CVE-2018-9163 | Med | 0.38 | 5.4 | 0.05 | Apr 2, 2018 | A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. | ||
| CVE-2023-41904 | Med | 0.35 | 5.4 | 0.02 | Sep 27, 2023 | Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. | ||
| CVE-2021-37922 | Med | 0.35 | 5.3 | 0.02 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. | ||
| CVE-2023-39912 | Med | 0.32 | 4.9 | 0.04 | Aug 31, 2023 | Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. | ||
| CVE-2023-35786 | Med | 0.32 | 4.9 | 0.03 | Jul 5, 2023 | Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | ||
| CVE-2022-24446 | Med | 0.28 | 4.3 | 0.01 | Mar 1, 2022 | An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. | ||
| CVE-2015-1026 | 0.00 | — | 0.04 | Mar 11, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText… |
- risk 0.40cvss 6.1epss 0.01
Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.
- risk 0.40cvss 6.1epss 0.01
Zoho ManageEngine ADManager Plus before 7066 allows XSS.
- risk 0.38cvss 5.4epss 0.05
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
- risk 0.35cvss 5.4epss 0.02
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.
- risk 0.35cvss 5.3epss 0.02
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
- risk 0.32cvss 4.9epss 0.04
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.
- risk 0.32cvss 4.9epss 0.03
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
- CVE-2015-1026Mar 11, 2015risk 0.00cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText…
Page 3 of 3