Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-24978
Zoho ManageEngine ADAudit Plus prior to 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
5.3
CVSSv3
CVE-2022-25245
Zoho ManageEngine ServiceDesk Plus prior to 13001 allows anyone to know the organisation's default currency name.
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 13.0
6.5
CVSSv3
CVE-2022-24447
An issue exists in Zoho ManageEngine Key Manager Plus prior to 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
Zohocorp Manageengine Key Manager Plus 6.0
Zohocorp Manageengine Key Manager Plus
Zohocorp Manageengine Key Manager Plus 6.1
5.3
CVSSv3
CVE-2022-23779
Zoho ManageEngine Desktop Central prior to 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
Zohocorp Manageengine Desktop Central
2 Github repositories
9.8
CVSSv3
CVE-2022-24305
Zoho ManageEngine SharePoint Manager Plus prior to 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
Zohocorp Manageengine Sharepoint Manager Plus -
9.8
CVSSv3
CVE-2022-24306
Zoho ManageEngine SharePoint Manager Plus prior to 4329 allows account takeover because authorization is mishandled.
Zohocorp Manageengine Sharepoint Manager Plus -
4.3
CVSSv3
CVE-2022-24446
An issue exists in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
Zohocorp Manageengine Key Manager Plus 6.1.6
6.5
CVSSv3
CVE-2022-23863
Zoho ManageEngine Desktop Central prior to 10.1.2137.10 allows an authenticated user to change any user's login password.
Zohocorp Manageengine Desktop Central
4.8
CVSSv3
CVE-2021-46065
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an malicious users to inject arbitrary JavaScript code.
Zohocorp Manageengine Servicedesk Plus 11.3
9.1
CVSSv3
CVE-2021-44757
Zoho ManageEngine Desktop Central prior to 10.1.2137.9 and Desktop Central MSP prior to 10.1.2137.9 allow malicious users to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.
Zohocorp Manageengine Desktop Central
Zohocorp Manageengine Desktop Central Managed Service Providers
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »