Vendor CVEs
ManageEngine
All CVEs
296 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49332 | | | 0.00 | — | 0.03 | | May 20, 2024 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. |
| CVE-2023-49331 | | | 0.00 | — | 0.03 | | May 20, 2024 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option. |
| CVE-2024-27312 | | | 0.00 | — | 0.01 | | May 20, 2024 | Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability. |
| CVE-2023-49330 | | | 0.00 | — | 0.02 | | May 20, 2024 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data. |
| CVE-2024-21775 | | | 0.00 | — | 0.05 | | Feb 16, 2024 | Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. |
| CVE-2023-46596 | | | 0.00 | — | 0.00 | | Feb 15, 2024 | Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code.… |
| CVE-2024-0269 | | | 0.00 | — | 0.05 | | Feb 2, 2024 | ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. |
| CVE-2024-0253 | | | 0.00 | — | 0.05 | | Feb 2, 2024 | ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. |
| CVE-2023-6105 | | | 0.00 | — | 0.01 | | Nov 15, 2023 | An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt… |
| CVE-2023-4769 | | | 0.00 | — | 0.03 | | Nov 3, 2023 | A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other… |
| CVE-2023-4768 | | | 0.00 | — | 0.03 | | Nov 3, 2023 | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in… |
| CVE-2023-4767 | | | 0.00 | — | 0.03 | | Nov 3, 2023 | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in… |
| CVE-2023-41356 | | | 0.00 | — | 0.01 | | Nov 3, 2023 | NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. |
| CVE-2023-41344 | | | 0.00 | — | 0.01 | | Nov 3, 2023 | NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. |
| CVE-2023-35719 | | | 0.00 | — | 0.26 | | Sep 6, 2023 | ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus.… |
| CVE-2023-35785 | | | 0.00 | — | 0.02 | | Aug 28, 2023 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and… |
| CVE-2023-38331 | | | 0.00 | — | 0.02 | | Jul 28, 2023 | Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module. |
| CVE-2023-35786 | | | 0.00 | — | 0.03 | | Jul 5, 2023 | Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. |
| CVE-2023-2291 | | | 0.00 | — | 0.01 | | Apr 26, 2023 | Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their… |
| CVE-2023-26600 | | | 0.00 | — | 0.06 | | Mar 6, 2023 | ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. |
| CVE-2022-48362 | | | 0.00 | — | 0.09 | | Feb 25, 2023 | Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker… |
| CVE-2022-47578 | | | 0.00 | — | 0.01 | | Dec 20, 2022 | An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the… |
| CVE-2022-41339 | | | 0.00 | — | 0.01 | | Nov 12, 2022 | In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. |
| CVE-2022-40773 | | | 0.00 | — | 0.05 | | Nov 12, 2022 | Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. |
| CVE-2022-36783 | | | 0.00 | — | 0.00 | | Oct 25, 2022 | AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim).… |
| CVE-2022-36412 | | | 0.00 | — | 0.06 | | Jul 26, 2022 | In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.) |
| CVE-2022-35404 | | | 0.00 | — | 0.04 | | Jul 18, 2022 | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. |
| CVE-2022-35403 | | | 0.00 | — | 0.07 | | Jul 12, 2022 | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with… |
| CVE-2022-26653 | | | 0.00 | — | 0.02 | | Apr 16, 2022 | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). |
| CVE-2022-26777 | | | 0.00 | — | 0.02 | | Apr 16, 2022 | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. |
| CVE-2022-24306 | | | 0.00 | — | 0.02 | | Mar 2, 2022 | Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. |
| CVE-2021-46166 | | | 0.00 | — | 0.03 | | Jan 9, 2022 | Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. |
| CVE-2021-20148 | | | 0.00 | — | 0.01 | | Jan 3, 2022 | ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password… |
| CVE-2021-44514 | | | 0.00 | — | 0.05 | | Dec 9, 2021 | OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. |
| CVE-2020-19554 | | | 0.00 | — | 0.01 | | Sep 21, 2021 | Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. |
| CVE-2021-37741 | | | 0.00 | — | 0.03 | | Sep 21, 2021 | ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. |
| CVE-2021-40173 | | | 0.00 | — | 0.01 | | Aug 29, 2021 | Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. |
| CVE-2021-40178 | | | 0.00 | — | 0.01 | | Aug 29, 2021 | Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. |
| CVE-2021-31857 | | | 0.00 | — | 0.03 | | Jun 16, 2021 | In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. |
| CVE-2020-35682 | | | 0.00 | — | 0.07 | | Mar 13, 2021 | Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). |
| CVE-2019-16962 | | | 0.00 | — | 0.02 | | Jan 6, 2021 | Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report. |
| CVE-2020-14811 | | | 0.00 | — | 0.01 | | Oct 21, 2020 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via… |
| CVE-2020-14761 | | | 0.00 | — | 0.01 | | Oct 21, 2020 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network… |
| CVE-2020-11552 | | | 0.00 | — | 0.07 | | Aug 11, 2020 | An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a… |
| CVE-2020-15302 | | | 0.00 | — | 0.01 | | Jun 25, 2020 | In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover. |
| CVE-2020-10541 | | | 0.00 | — | 0.10 | | Mar 13, 2020 | Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108. |
| CVE-2019-19475 | | | 0.00 | — | 0.03 | | Jan 10, 2020 | An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can… |
| CVE-2019-17421 | | | 0.00 | — | 0.01 | | Nov 21, 2019 | Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload. |
| CVE-2019-15046 | | | 0.00 | — | 0.05 | | Aug 14, 2019 | Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. |
| CVE-2019-2825 | | | 0.00 | — | 0.01 | | Jul 23, 2019 | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows high privileged attacker with network… |
Page 5 of 6