VYPR

ManageEngine AssetExplorer

by Zohocorp

CVEs (14)

  • CVE-2015-2169 | Jun 24, 2015
    risk 0.04 | cvss | epss 0.08

    Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned.

  • CVE-2019-19034 | Mar 23, 2020
    risk 0.02 | cvss | epss 0.06

    Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT…

  • CVE-2021-20080 | Apr 9, 2021
    risk 0.01 | cvss | epss 0.93

    Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.

  • CVE-2023-29443 | Apr 26, 2023
    risk 0.00 | cvss | epss 0.03

    Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.

  • CVE-2020-8838 | Mar 23, 2020
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines…

  • CVE-2019-12959 | Aug 8, 2019
    risk 0.00 | cvss | epss 0.03

    Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.

  • CVE-2019-12994 | Aug 8, 2019
    risk 0.00 | cvss | epss 0.04

    Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.

  • CVE-2019-14693 | Aug 8, 2019
    risk 0.00 | cvss | epss 0.04

    Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

  • CVE-2019-12537 | Jul 11, 2019
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.

  • CVE-2019-12595 | Jul 11, 2019
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.

  • CVE-2019-12596 | Jul 11, 2019
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType.

  • CVE-2019-12597 | Jul 11, 2019
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName.

  • CVE-2015-5061 | Jun 24, 2015
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.

  • CVE-2012-5956 | Dec 11, 2012
    risk 0.00 | cvss | epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the…