Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
Zohocorp Manageengine Supportcenter Plus 11.0
NA
CVE-2022-43671
Zoho ManageEngine Password Manager Pro prior to 12122, PAM360 prior to 5711, and Access Manager Plus prior to 4306 allow SQL Injection.
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360 5.7
Zohocorp Manageengine Pam360
NA
CVE-2022-43672
Zoho ManageEngine Password Manager Pro prior to 12122, PAM360 prior to 5711, and Access Manager Plus prior to 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360
Zohocorp Manageengine Pam360 5.7
NA
CVE-2022-41339
In Zoho ManageEngine Mobile Device Manager Plus prior to 10.1.2207.5, the User Administration module allows privilege escalation.
Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4
NA
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP prior to 10609 and SupportCenter Plus prior to 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
NA
CVE-2022-41978
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.
Zohocorp Zoho Crm Lead Magnet
NA
CVE-2022-40300
Zoho ManageEngine Password Manager Pro through 12120 prior to 12121, PAM360 through 5550 prior to 5600, and Access Manager Plus through 4304 prior to 4305 have multiple SQL injection vulnerabilities.
Zohocorp Manageengine Password Manager Pro 5.4
Zohocorp Manageengine Password Manager Pro 6.3
Zohocorp Manageengine Password Manager Pro 5.3
Zohocorp Manageengine Password Manager Pro 6.4
Zohocorp Manageengine Password Manager Pro 6.9
Zohocorp Manageengine Password Manager Pro 6.0
Zohocorp Manageengine Password Manager Pro 6.2
Zohocorp Manageengine Password Manager Pro 6.5
Zohocorp Manageengine Password Manager Pro 5.0
Zohocorp Manageengine Password Manager Pro 5.1
Zohocorp Manageengine Password Manager Pro 5.2
Zohocorp Manageengine Password Manager Pro 6.1
Zohocorp Manageengine Password Manager Pro 6.6
Zohocorp Manageengine Password Manager Pro 6.7
Zohocorp Manageengine Password Manager Pro 6.8
Zohocorp Manageengine Password Manager Pro 7.0
Zohocorp Manageengine Access Manager Plus 4.1
Zohocorp Manageengine Access Manager Plus 4.2
Zohocorp Manageengine Password Manager Pro 10.0
Zohocorp Manageengine Password Manager Pro 10.1
Zohocorp Manageengine Password Manager Pro 10.2
Zohocorp Manageengine Password Manager Pro 10.3
NA
CVE-2022-38772
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils prior to 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Plus 12.6
Zohocorp Manageengine Opmanager Plus 12.5
NA
CVE-2020-21642
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus prior to 4350 allows remote malicious users to run arbitrary code.
Zohocorp Manageengine Analytics Plus 2.9
Zohocorp Manageengine Analytics Plus 3.0
Zohocorp Manageengine Analytics Plus 3.1
Zohocorp Manageengine Analytics Plus 3.2
Zohocorp Manageengine Analytics Plus 3.3
Zohocorp Manageengine Analytics Plus 3.4
Zohocorp Manageengine Analytics Plus 3.5
Zohocorp Manageengine Analytics Plus 3.6
Zohocorp Manageengine Analytics Plus 3.7
Zohocorp Manageengine Analytics Plus 3.8
Zohocorp Manageengine Analytics Plus 3.9
Zohocorp Manageengine Analytics Plus 4.0
Zohocorp Manageengine Analytics Plus 4.1
Zohocorp Manageengine Analytics Plus 4.2
Zohocorp Manageengine Analytics Plus 4.3
NA
CVE-2020-21641
Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus prior to 4.3.5 allows remote malicious users to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file.
Zohocorp Manageengine Analytics Plus
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »