Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine applications manager vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-11469
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
Zohocorp Manageengine Applications Manager
10
CVSSv2
CVE-2019-11448
An issue exists in Zoho ManageEngine Applications Manager 11.0 up to and including 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text ...
Zohocorp Manageengine Applications Manager
10
CVSSv2
CVE-2016-9498
ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating syste...
Zohocorp Manageengine Applications Manager 13.0
Zohocorp Manageengine Applications Manager 12.0
10
CVSSv2
CVE-2018-11808
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an malicious user to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM...
Zohocorp Manageengine Applications Manager 13
1 Github repository
10
CVSSv2
CVE-2018-7890
A remote code execution issue exists in Zoho ManageEngine Applications Manager prior to 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls severa...
Zohocorp Manageengine Applications Manager
1 EDB exploit
9.3
CVSSv2
CVE-2018-16364
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
Zohocorp Manageengine Applications Manager 13.7
9
CVSSv2
CVE-2019-19475
An issue exists in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit...
Zohocorp Manageengine Applications Manager 14.3
9
CVSSv2
CVE-2019-15104
An issue exists in Zoho ManageEngine OpManager up to and including 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently...
Zohocorp Manageengine Applications Manager
9
CVSSv2
CVE-2019-15105
An issue exists in Zoho ManageEngine Application Manager up to and including 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can con...
Zohocorp Manageengine Applications Manager
7.5
CVSSv2
CVE-2020-24743
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows malicious users to gain escalated privileges via the resourceid parameter.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »