Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp manageengine opmanager - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-10541
Zoho ManageEngine OpManager prior to 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.
Zohocorp Manageengine Opmanager
7.5
CVSSv2
CVE-2018-20173
Zoho ManageEngine OpManager 12.3 prior to 123238 allows SQL injection via the getGraphData API.
Zohocorp Manageengine Opmanager 12.3
7.5
CVSSv2
CVE-2018-20338
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
Zohocorp Manageengine Opmanager 12.3
4.3
CVSSv2
CVE-2018-20339
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
Zohocorp Manageengine Opmanager 12.3
5
CVSSv2
CVE-2020-11946
Zoho ManageEngine OpManager prior to 125120 allows an unauthenticated user to retrieve an API key via a servlet call.
Zohocorp Manageengine Opmanager 12.5
4.3
CVSSv2
CVE-2018-18715
Zoho ManageEngine OpManager 12.3 prior to 123219 has stored XSS.
Zohocorp Manageengine Opmanager 12.3
9
CVSSv2
CVE-2015-7765
ZOHO ManageEngine OpManager 11.5 build 11600 and previous versions uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
Zohocorp Manageengine Opmanager 11.5
1 EDB exploit
1 Github repository
7.5
CVSSv2
CVE-2018-18475
Zoho ManageEngine OpManager prior to 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
Zohocorp Manageengine Opmanager 12.3
5
CVSSv2
CVE-2017-11559
An issue exists in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
Zohocorp Manageengine Opmanager 12.2
3.5
CVSSv2
CVE-2017-11560
An issue exists in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the a...
Zohocorp Manageengine Opmanager 12.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »