Manageengine Admanager Plus
by Zohocorp
CVEs (36)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48878 | 0.00 | — | 0.01 | Nov 4, 2024 | Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. | |||
| CVE-2024-5608 | 0.00 | — | 0.01 | Oct 24, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. | |||
| CVE-2024-5586 | 0.00 | — | 0.05 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. | |||
| CVE-2024-5490 | 0.00 | — | 0.04 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. | |||
| CVE-2024-36514 | 0.00 | — | 0.04 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. | |||
| CVE-2024-36515 | 0.00 | — | 0.05 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard. | |||
| CVE-2024-36516 | 0.00 | — | 0.04 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard. | |||
| CVE-2024-36517 | 0.00 | — | 0.05 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module. | |||
| CVE-2024-5467 | 0.00 | — | 0.05 | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. | |||
| CVE-2024-36034 | 0.00 | — | 0.07 | Aug 12, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option. | |||
| CVE-2024-36035 | 0.00 | — | 0.07 | Aug 12, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. | |||
| CVE-2024-36518 | 0.00 | — | 0.03 | Aug 12, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. | |||
| CVE-2024-5487 | 0.00 | — | 0.05 | Aug 12, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. | |||
| CVE-2024-5527 | 0.00 | — | 0.05 | Aug 12, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. | |||
| CVE-2015-1026 | 0.00 | — | 0.04 | Mar 11, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText… | |||
| CVE-2010-5050 | 0.00 | — | 0.03 | Nov 23, 2011 | Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are… |
- CVE-2024-48878Nov 4, 2024risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
- CVE-2024-5608Oct 24, 2024risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
- CVE-2024-5586Aug 23, 2024risk 0.00cvss —epss 0.05
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.
- CVE-2024-5490Aug 23, 2024risk 0.00cvss —epss 0.04
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
- CVE-2024-36514Aug 23, 2024risk 0.00cvss —epss 0.04
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
- CVE-2024-36515Aug 23, 2024risk 0.00cvss —epss 0.05
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.
- CVE-2024-36516Aug 23, 2024risk 0.00cvss —epss 0.04
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.
- CVE-2024-36517Aug 23, 2024risk 0.00cvss —epss 0.05
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.
- CVE-2024-5467Aug 23, 2024risk 0.00cvss —epss 0.05
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.
- CVE-2024-36034Aug 12, 2024risk 0.00cvss —epss 0.07
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.
- CVE-2024-36035Aug 12, 2024risk 0.00cvss —epss 0.07
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
- CVE-2024-36518Aug 12, 2024risk 0.00cvss —epss 0.03
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.
- CVE-2024-5487Aug 12, 2024risk 0.00cvss —epss 0.05
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.
- CVE-2024-5527Aug 12, 2024risk 0.00cvss —epss 0.05
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.
- CVE-2015-1026Mar 11, 2015risk 0.00cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText…
- CVE-2010-5050Nov 23, 2011risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are…
Page 2 of 2