VYPR

ManageEngine ITOM

by Zoho

CVEs (9)

  • CVE-2017-16851CriNov 16, 2017
    risk 0.65cvss 9.8epss 0.17

    Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.

  • CVE-2017-16850CriNov 16, 2017
    risk 0.65cvss 9.8epss 0.17

    Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.

  • CVE-2017-16849CriNov 16, 2017
    risk 0.65cvss 9.8epss 0.17

    Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.

  • CVE-2017-16847CriNov 16, 2017
    risk 0.65cvss 9.8epss 0.17

    Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.

  • CVE-2017-16846CriNov 16, 2017
    risk 0.65cvss 9.8epss 0.17

    Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.

  • CVE-2017-16542HigNov 5, 2017
    risk 0.61cvss 8.8epss 0.05

    Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.

  • CVE-2024-36038MedJun 24, 2024
    risk 0.41cvss 6.3epss 0.01

    Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option.

  • CVE-2014-6036Dec 4, 2014
    risk 0.06cvss epss 0.39

    Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the…

  • CVE-2014-7864Feb 4, 2015
    risk 0.05cvss epss 0.23

    Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1)…