Applications Manager

by ManageEngine

CVEs (28)

  • CVE-2016-9488 | Critical | Jun 5, 2018
    risk 0.67 | cvss 9.8 | epss 0.05

    ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users'…

  • CVE-2016-9498 | Critical | Jul 13, 2018
    risk 0.65 | cvss 9.8 | epss 0.22

    ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating…

  • CVE-2018-11808 | Critical | Jun 6, 2018
    risk 0.60 | cvss 9.1 | epss 0.06

    Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by…

  • CVE-2016-9489 | High | Jul 13, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another…

  • CVE-2018-15169 | Medium | Aug 8, 2018
    risk 0.40 | cvss 6.1 | epss 0.02

    A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.

  • CVE-2018-12996 | Medium | Jun 29, 2018
    risk 0.40 | cvss 6.1 | epss 0.03

    A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.

  • CVE-2016-9490 | Medium | Jun 5, 2018
    risk 0.40 | cvss 6.1 | epss 0.02

    ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233.…

  • CVE-2016-9491 | Medium | Jul 13, 2018
    risk 0.32 | cvss 4.9 | epss 0.03

    ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored…

  • CVE-2019-11469 | Apr 23, 2019
    risk 0.04 | cvss | epss 0.18

    Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.

  • CVE-2008-0474 | Jan 29, 2008
    risk 0.03 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4)…

  • CVE-2020-24743 | Nov 3, 2021
    risk 0.02 | cvss | epss 0.03

    An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.

  • CVE-2020-10816 | Oct 8, 2020
    risk 0.02 | cvss | epss 0.05

    Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.

  • CVE-2025-27930 | Jul 23, 2025
    risk 0.00 | cvss | epss 0.00

    Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.

  • CVE-2024-41140 | Jan 29, 2025
    risk 0.00 | cvss | epss 0.01

    Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.

  • CVE-2024-5678 | Aug 1, 2024
    risk 0.00 | cvss | epss 0.03

    Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.

  • CVE-2020-14811 | Oct 21, 2020
    risk 0.00 | cvss | epss 0.01

    Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14761 | Oct 21, 2020
    risk 0.00 | cvss | epss 0.01

    Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2019-19475 | Jan 10, 2020
    risk 0.00 | cvss | epss 0.03

    An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can…

  • CVE-2019-2825 | Jul 23, 2019
    risk 0.00 | cvss | epss 0.01

    Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows high privileged attacker with network…

  • CVE-2017-11557 | May 23, 2019
    risk 0.00 | cvss | epss 0.04

    An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.

Page 1 of 2