Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-28959
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
9.8
CVSSv3
CVE-2021-3287
Zoho ManageEngine OpManager prior to 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
9.8
CVSSv3
CVE-2020-29658
Zoho ManageEngine Application Control Plus prior to 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.
Zohocorp Manageengine Applications Control Plus
9.8
CVSSv3
CVE-2020-28653
Zoho ManageEngine OpManager Stable build prior to 125203 (and Released build prior to 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
3 Github repositories
9.8
CVSSv3
CVE-2020-27995
SQL Injection in Zoho ManageEngine Applications Manager 14 prior to 14560 allows an malicious user to execute commands on the server via the MyPage.do template_resid parameter.
Zohocorp Manageengine Applications Manager 14.0
9.8
CVSSv3
CVE-2020-15533
In Zoho ManageEngine Application Manager 14.7 Build 14730 (prior to 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.6
Zohocorp Manageengine Applications Manager 14.7
9.8
CVSSv3
CVE-2018-5353
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus prior to 5.5 build 5517 allows remote malicious users to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker ...
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Adselfservice Plus 5.5
1 Github repository
9.8
CVSSv3
CVE-2020-15394
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.0
1 Github repository
9.8
CVSSv3
CVE-2020-24786
An issue exists in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before bu...
Zohocorp Manageengine Adselfservice Plus 5.8
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Exchange Reporter Plus
Zohocorp Manageengine Exchange Reporter Plus 5.5
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.2
Zohocorp Manageengine Datasecurity Plus
Zohocorp Manageengine Datasecurity Plus 6.0
Zohocorp Manageengine Recovermanager Plus
Zohocorp Manageengine Recovermanager Plus 6.0
Zohocorp Manageengine Eventlog Analyzer 12.1.3
Zohocorp Manageengine Eventlog Analyzer
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Adaudit Plus 6.0
Zohocorp Manageengine O365 Manager Plus 4.3
Zohocorp Manageengine O365 Manager Plus
Zohocorp Manageengine Cloud Security Plus
Zohocorp Manageengine Cloud Security Plus 4.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.0
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.1
9.8
CVSSv3
CVE-2020-11552
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated malicious user to escalate privileges o...
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Adselfservice Plus 6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »