Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-11527
In Zoho ManageEngine OpManager prior to 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.4
9.1
CVSSv3
CVE-2021-20078
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote malicious user to remotely delete any directory or directories on the OS.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
NA
CVE-2015-7766
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and previous versions allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Zohocorp Manageengine Opmanager 11.6
Zohocorp Manageengine Opmanager
1 EDB exploit
9.8
CVSSv3
CVE-2021-20136
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled data...
Zohocorp Manageengine Log360 5.3
Zohocorp Manageengine Log360
8.8
CVSSv3
CVE-2021-40172
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
8.8
CVSSv3
CVE-2021-40174
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
9.8
CVSSv3
CVE-2021-40175
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
6.1
CVSSv3
CVE-2021-40176
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
6.1
CVSSv3
CVE-2021-40178
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.2
9.8
CVSSv3
CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger prior to 125455 is vulnerable to SQL Injection in the Attacks Module API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »