Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opmanager vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-17283
Zoho ManageEngine OpManager prior to 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser o...
Zohocorp Manageengine Opmanager
7.5
CVSSv2
CVE-2019-15106
An issue exists in Zoho ManageEngine OpManager in builds prior to 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is ad...
Zohocorp Manageengine Opmanager
NA
CVE-2022-37024
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils prior to 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execut...
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Firewall Analyzer 12.5
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Firewall Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Msp 12.6
Zohocorp Manageengine Opmanager Plus 12.5
Zohocorp Manageengine Opmanager Plus 12.6
NA
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils prior to 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated malicious users to obtain a user's AP...
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Firewall Analyzer 12.5
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Firewall Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Plus 12.6
Zohocorp Manageengine Opmanager Plus 12.5
Zohocorp Manageengine Opmanager Msp 12.6
1 Github repository
7.5
CVSSv2
CVE-2021-44514
OpUtils in Zoho ManageEngine OpManager 12.5 prior to 125490 mishandles authentication for a few audit directories.
Zohocorp Manageengine Opmanager 12.5
7.5
CVSSv2
CVE-2018-18475
Zoho ManageEngine OpManager prior to 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
Zohocorp Manageengine Opmanager 12.3
5
CVSSv2
CVE-2017-11559
An issue exists in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
Zohocorp Manageengine Opmanager 12.2
3.5
CVSSv2
CVE-2017-11560
An issue exists in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the a...
Zohocorp Manageengine Opmanager 12.2
4
CVSSv2
CVE-2017-11561
An issue exists in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
Zohocorp Manageengine Opmanager 12.2
5.8
CVSSv2
CVE-2006-2343
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote malicious users to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party in...
Adventnet Manageengine Opmanager 6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »