Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
applications manager vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-9490
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=123...
Manageengine Applications Manager 13.0
Manageengine Applications Manager 12.0
NA
CVE-2023-38333
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
Zohocorp Manageengine Applications Manager 16.5
Zohocorp Manageengine Applications Manager
6.5
CVSSv2
CVE-2020-14008
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.0
3.5
CVSSv2
CVE-2021-31813
Zoho ManageEngine Applications Manager prior to 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 15.1
6.5
CVSSv2
CVE-2022-23050
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
Zohocorp Manageengine Applications Manager 15.5
Zohocorp Manageengine Applications Manager
4.3
CVSSv2
CVE-2020-15521
Zoho ManageEngine Applications Manager prior to 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.0
7.5
CVSSv2
CVE-2020-15394
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.0
1 Github repository
7.5
CVSSv2
CVE-2020-24743
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows malicious users to gain escalated privileges via the resourceid parameter.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.5
NA
CVE-2023-28340
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 16.3
5
CVSSv2
CVE-2019-19799
Zoho ManageEngine Applications Manager prior to 14600 allows a remote unauthenticated malicious user to disclose license related information via WieldFeedServlet servlet.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »