VYPR

Opmanager

by Manageengine

CVEs (33)

  • CVE-2025-9226MedJan 30, 2026
    risk 0.30cvss 4.6epss 0.00

    Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details.

  • CVE-2024-38870LowJul 17, 2024
    risk 0.23cvss 3.5epss 0.00

    Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module.

  • CVE-2020-28653Feb 3, 2021
    risk 0.10cvss epss 0.79

    Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

  • CVE-2014-7863Feb 8, 2020
    risk 0.10cvss epss 0.83

    The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users…

  • CVE-2020-12116May 7, 2020
    risk 0.07cvss epss 0.97

    Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.

  • CVE-2023-47211Jan 8, 2024
    risk 0.06cvss epss 0.47

    A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

  • CVE-2020-13818Jun 4, 2020
    risk 0.06cvss epss 0.37

    In Zoho ManageEngine OpManager before 125144, when is used, directory traversal validation can be bypassed.

  • CVE-2023-31099May 4, 2023
    risk 0.05cvss epss 0.82

    Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.

  • CVE-2020-11946Apr 20, 2020
    risk 0.05cvss epss 0.52

    Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.

  • CVE-2022-37024Aug 9, 2022
    risk 0.04cvss epss 0.78

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code…

  • CVE-2021-20078Apr 1, 2021
    risk 0.04cvss epss 0.60

    Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.

  • CVE-2022-38772Aug 29, 2022
    risk 0.03cvss epss 0.78

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.

  • CVE-2007-3594Jul 6, 2007
    risk 0.03cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4)…

  • CVE-2022-43473Mar 30, 2023
    risk 0.02cvss epss 0.20

    A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

  • CVE-2022-36923Aug 10, 2022
    risk 0.02cvss epss 0.08

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and…

  • CVE-2022-29535May 5, 2022
    risk 0.02cvss epss 0.93

    Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.

  • CVE-2018-18980Nov 6, 2018
    risk 0.02cvss epss 0.25

    An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local…

  • CVE-2020-11527Apr 4, 2020
    risk 0.01cvss epss 0.09

    In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.

  • CVE-2017-11559May 23, 2019
    risk 0.01cvss epss 0.04

    An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.

  • CVE-2018-20173Dec 17, 2018
    risk 0.01cvss epss 0.24

    Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.

Page 1 of 2