OpManager
by ManageEngine
CVEs (33)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18949 | | | 0.01 | — | 0.24 | | Nov 5, 2018 | Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. |
| CVE-2022-35404 | | | 0.00 | — | 0.04 | | Jul 18, 2022 | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. |
| CVE-2021-44514 | | | 0.00 | — | 0.05 | | Dec 9, 2021 | OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. |
| CVE-2020-19554 | | | 0.00 | — | 0.01 | | Sep 21, 2021 | Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. |
| CVE-2020-10541 | | | 0.00 | — | 0.10 | | Mar 13, 2020 | Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108. |
| CVE-2019-17421 | | | 0.00 | — | 0.01 | | Nov 21, 2019 | Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload. |
| CVE-2017-11560 | | | 0.00 | — | 0.01 | | May 23, 2019 | An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted… |
| CVE-2017-11561 | | | 0.00 | — | 0.02 | | May 23, 2019 | An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell. |
| CVE-2018-20338 | | | 0.00 | — | 0.12 | | Dec 21, 2018 | Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. |
| CVE-2018-19921 | | | 0.00 | — | 0.02 | | Dec 6, 2018 | Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. |
| CVE-2018-19288 | | | 0.00 | — | 0.02 | | Nov 15, 2018 | Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. |
| CVE-2007-5891 | | | 0.00 | — | 0.01 | | Nov 8, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance… |
| CVE-2006-2343 | | | 0.00 | — | 0.01 | | May 12, 2006 | Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party… |