Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
Zohocorp Manageengine Supportcenter Plus 11.0
9.8
CVSSv3
CVE-2022-43671
Zoho ManageEngine Password Manager Pro prior to 12122, PAM360 prior to 5711, and Access Manager Plus prior to 4306 allow SQL Injection.
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360 5.7
Zohocorp Manageengine Pam360
9.8
CVSSv3
CVE-2022-43672
Zoho ManageEngine Password Manager Pro prior to 12122, PAM360 prior to 5711, and Access Manager Plus prior to 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360
Zohocorp Manageengine Pam360 5.7
7.8
CVSSv3
CVE-2022-41339
In Zoho ManageEngine Mobile Device Manager Plus prior to 10.1.2207.5, the User Administration module allows privilege escalation.
Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4
8.8
CVSSv3
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP prior to 10609 and SupportCenter Plus prior to 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
6.5
CVSSv3
CVE-2022-41978
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.
Zohocorp Zoho Crm Lead Magnet
9.8
CVSSv3
CVE-2022-40300
Zoho ManageEngine Password Manager Pro through 12120 prior to 12121, PAM360 through 5550 prior to 5600, and Access Manager Plus through 4304 prior to 4305 have multiple SQL injection vulnerabilities.
Zohocorp Manageengine Password Manager Pro 5.4
Zohocorp Manageengine Password Manager Pro 6.3
Zohocorp Manageengine Password Manager Pro 5.3
Zohocorp Manageengine Password Manager Pro 6.4
Zohocorp Manageengine Password Manager Pro 6.9
Zohocorp Manageengine Password Manager Pro 6.0
Zohocorp Manageengine Password Manager Pro 6.2
Zohocorp Manageengine Password Manager Pro 6.5
Zohocorp Manageengine Password Manager Pro 5.0
Zohocorp Manageengine Password Manager Pro 5.1
Zohocorp Manageengine Password Manager Pro 5.2
Zohocorp Manageengine Password Manager Pro 6.1
Zohocorp Manageengine Password Manager Pro 6.6
Zohocorp Manageengine Password Manager Pro 6.7
Zohocorp Manageengine Password Manager Pro 6.8
Zohocorp Manageengine Password Manager Pro 7.0
Zohocorp Manageengine Access Manager Plus 4.1
Zohocorp Manageengine Access Manager Plus 4.2
Zohocorp Manageengine Password Manager Pro 10.0
Zohocorp Manageengine Password Manager Pro 10.1
Zohocorp Manageengine Password Manager Pro 10.2
Zohocorp Manageengine Password Manager Pro 10.3
8.8
CVSSv3
CVE-2022-38772
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils prior to 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Plus 12.6
Zohocorp Manageengine Opmanager Plus 12.5
7.5
CVSSv3
CVE-2020-21641
Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus prior to 4.3.5 allows remote malicious users to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file.
Zohocorp Manageengine Analytics Plus
9.8
CVSSv3
CVE-2020-21642
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus prior to 4350 allows remote malicious users to run arbitrary code.
Zohocorp Manageengine Analytics Plus 2.9
Zohocorp Manageengine Analytics Plus 3.0
Zohocorp Manageengine Analytics Plus 3.1
Zohocorp Manageengine Analytics Plus 3.2
Zohocorp Manageengine Analytics Plus 3.3
Zohocorp Manageengine Analytics Plus 3.4
Zohocorp Manageengine Analytics Plus 3.5
Zohocorp Manageengine Analytics Plus 3.6
Zohocorp Manageengine Analytics Plus 3.7
Zohocorp Manageengine Analytics Plus 3.8
Zohocorp Manageengine Analytics Plus 3.9
Zohocorp Manageengine Analytics Plus 4.0
Zohocorp Manageengine Analytics Plus 4.1
Zohocorp Manageengine Analytics Plus 4.2
Zohocorp Manageengine Analytics Plus 4.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »