Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine applications manager vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-38333
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
Zohocorp Manageengine Applications Manager 16.5
Zohocorp Manageengine Applications Manager
6.1
CVSSv3
CVE-2023-29442
Zoho ManageEngine Applications Manager prior to 16400 allows proxy.html DOM XSS.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 16.3
6.5
CVSSv3
CVE-2023-28340
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 16.3
6.1
CVSSv3
CVE-2023-28341
Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.
Zohocorp Manageengine Applications Manager 16.3
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 15.9
9.8
CVSSv3
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsib...
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.3
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Adselfservice Plus 6.2
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Analytics Plus
Zohocorp Manageengine Analytics Plus 5.1
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
Zohocorp Manageengine Key Manager Plus
Zohocorp Manageengine Key Manager Plus 6.4
Zohocorp Manageengine Pam360 5.7
Zohocorp Manageengine Pam360
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.0
2 Metasploit modules
6 Github repositories
1 Article
7.2
CVSSv3
CVE-2022-23050
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
Zohocorp Manageengine Applications Manager 15.5
Zohocorp Manageengine Applications Manager
8.8
CVSSv3
CVE-2020-28679
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated malicious users to execute a SQL injection via a crafted request.
Zohocorp Manageengine Applications Manager 11.0
Zohocorp Manageengine Applications Manager 11.1
Zohocorp Manageengine Applications Manager 11.2
Zohocorp Manageengine Applications Manager 11.3
Zohocorp Manageengine Applications Manager 11.4
Zohocorp Manageengine Applications Manager 11.5
Zohocorp Manageengine Applications Manager 11.6
Zohocorp Manageengine Applications Manager 11.7
Zohocorp Manageengine Applications Manager 11.8
Zohocorp Manageengine Applications Manager 11.9
Zohocorp Manageengine Applications Manager 12.0
Zohocorp Manageengine Applications Manager 12.1
Zohocorp Manageengine Applications Manager 12.2
Zohocorp Manageengine Applications Manager 12.3
Zohocorp Manageengine Applications Manager 12.5
Zohocorp Manageengine Applications Manager 12.6
Zohocorp Manageengine Applications Manager 12.7
Zohocorp Manageengine Applications Manager 12.8
Zohocorp Manageengine Applications Manager 12.9
Zohocorp Manageengine Applications Manager 13.0
Zohocorp Manageengine Applications Manager 13.1
Zohocorp Manageengine Applications Manager 13.2
9.8
CVSSv3
CVE-2020-24743
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows malicious users to gain escalated privileges via the resourceid parameter.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.5
6.5
CVSSv3
CVE-2021-35512
An SSRF issue exists in Zoho ManageEngine Applications Manager build 15200.
Zohocorp Manageengine Applications Manager 15.2
5.4
CVSSv3
CVE-2021-31813
Zoho ManageEngine Applications Manager prior to 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 15.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »