Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp manageengine opmanager vulnerabilities and exploits
(subscribe to this query)
9.4
CVSSv2
CVE-2021-20078
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote malicious user to remotely delete any directory or directories on the OS.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
9
CVSSv2
CVE-2019-15104
An issue exists in Zoho ManageEngine OpManager up to and including 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently...
Zohocorp Manageengine Applications Manager
9
CVSSv2
CVE-2015-7766
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and previous versions allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Zohocorp Manageengine Opmanager 11.6
Zohocorp Manageengine Opmanager
1 EDB exploit
9
CVSSv2
CVE-2015-7765
ZOHO ManageEngine OpManager 11.5 build 11600 and previous versions uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
Zohocorp Manageengine Opmanager 11.5
1 EDB exploit
1 Github repository
7.5
CVSSv2
CVE-2022-29535
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
7.5
CVSSv2
CVE-2021-44514
OpUtils in Zoho ManageEngine OpManager 12.5 prior to 125490 mishandles authentication for a few audit directories.
Zohocorp Manageengine Opmanager 12.5
7.5
CVSSv2
CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger prior to 125455 is vulnerable to SQL Injection in the Attacks Module API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
7.5
CVSSv2
CVE-2021-40493
Zoho ManageEngine OpManager prior to 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
7.5
CVSSv2
CVE-2021-41288
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
7.5
CVSSv2
CVE-2021-3287
Zoho ManageEngine OpManager prior to 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »