Admanager Plus
by Manageengine
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15740 | Med | 0.43 | 6.1 | 0.06 | Aug 28, 2018 | Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. | ||
| CVE-2023-29084 | 0.11 | — | 0.98 | Apr 13, 2023 | Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. | |||
| CVE-2021-20131 | 0.04 | — | 0.16 | Oct 13, 2021 | ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. | |||
| CVE-2021-20130 | 0.04 | — | 0.32 | Oct 13, 2021 | ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. | |||
| CVE-2024-24409 | 0.03 | — | 0.04 | Nov 8, 2024 | Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. | |||
| CVE-2021-37919 | 0.03 | — | 0.11 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2021-37921 | 0.03 | — | 0.11 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2021-37931 | 0.03 | — | 0.09 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2021-37929 | 0.03 | — | 0.09 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2021-37928 | 0.03 | — | 0.09 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | |||
| CVE-2018-19374 | 0.03 | — | 0.01 | Apr 30, 2019 | Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory. | |||
| CVE-2012-1049 | 0.03 | — | 0.02 | Feb 13, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do. | |||
| CVE-2021-37922 | 0.02 | — | 0.02 | Oct 7, 2021 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. | |||
| CVE-2020-24786 | 0.01 | — | 0.13 | Aug 31, 2020 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer… | |||
| CVE-2024-48878 | 0.00 | — | 0.01 | Nov 4, 2024 | Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. | |||
| CVE-2023-35786 | 0.00 | — | 0.03 | Jul 5, 2023 | Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | |||
| CVE-2021-37741 | 0.00 | — | 0.03 | Sep 21, 2021 | ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. | |||
| CVE-2010-5050 | 0.00 | — | 0.03 | Nov 23, 2011 | Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are… |
- risk 0.43cvss 6.1epss 0.06
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
- CVE-2023-29084Apr 13, 2023risk 0.11cvss —epss 0.98
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.
- CVE-2021-20131Oct 13, 2021risk 0.04cvss —epss 0.16
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.
- CVE-2021-20130Oct 13, 2021risk 0.04cvss —epss 0.32
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
- CVE-2024-24409Nov 8, 2024risk 0.03cvss —epss 0.04
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
- CVE-2021-37919Oct 7, 2021risk 0.03cvss —epss 0.11
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2021-37921Oct 7, 2021risk 0.03cvss —epss 0.11
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2021-37931Oct 7, 2021risk 0.03cvss —epss 0.09
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2021-37929Oct 7, 2021risk 0.03cvss —epss 0.09
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2021-37928Oct 7, 2021risk 0.03cvss —epss 0.09
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
- CVE-2018-19374Apr 30, 2019risk 0.03cvss —epss 0.01
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
- CVE-2012-1049Feb 13, 2012risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do.
- CVE-2021-37922Oct 7, 2021risk 0.02cvss —epss 0.02
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
- CVE-2020-24786Aug 31, 2020risk 0.01cvss —epss 0.13
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer…
- CVE-2024-48878Nov 4, 2024risk 0.00cvss —epss 0.01
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
- CVE-2023-35786Jul 5, 2023risk 0.00cvss —epss 0.03
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
- CVE-2021-37741Sep 21, 2021risk 0.00cvss —epss 0.03
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
- CVE-2010-5050Nov 23, 2011risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are…