Manageengine Applications Manager
Sign in to watchby Zohocorp
CVEs (8)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16543 | Cri | 0.67 | 9.8 | 0.02 | Nov 5, 2017 | Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | |
| CVE-2017-16851 | Cri | 0.65 | 9.8 | 0.12 | Nov 16, 2017 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | |
| CVE-2017-16850 | Cri | 0.65 | 9.8 | 0.12 | Nov 16, 2017 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | |
| CVE-2017-16849 | Cri | 0.65 | 9.8 | 0.12 | Nov 16, 2017 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | |
| CVE-2017-16847 | Cri | 0.65 | 9.8 | 0.12 | Nov 16, 2017 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | |
| CVE-2017-16846 | Cri | 0.65 | 9.8 | 0.12 | Nov 16, 2017 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | |
| CVE-2017-16848 | Cri | 0.64 | 9.8 | 0.09 | Nov 16, 2017 | Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | |
| CVE-2017-16542 | Hig | 0.60 | 8.8 | 0.01 | Nov 5, 2017 | Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. |