Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-40175
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
6.1
CVSSv3
CVE-2021-40176
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
6.1
CVSSv3
CVE-2021-40178
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
9.8
CVSSv3
CVE-2021-41288
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
NA
CVE-2011-1509
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and previous versions uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote malicious users to obtain sensitive information by sniffing the network.
Manageengine Servicedesk Plus 8.0
Manageengine Servicedesk Plus
NA
CVE-2014-6035
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and previous versions allows remote malicious users to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 11.4
1 EDB exploit
8.8
CVSSv3
CVE-2023-31099
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager
9.8
CVSSv3
CVE-2019-17602
An issue exists in Zoho ManageEngine OpManager prior to 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
Zohocorp Manageengine Opmanager 12.4
Zohocorp Manageengine Opmanager
9.8
CVSSv3
CVE-2021-3287
Zoho ManageEngine OpManager prior to 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
9.8
CVSSv3
CVE-2020-28653
Zoho ManageEngine OpManager Stable build prior to 125203 (and Released build prior to 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »