Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine opmanager vulnerabilities and exploits
(subscribe to this query)
760
VMScore
CVE-2014-7868
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the A...
Zohocorp Manageengine Social It Plus 11.0
Zohocorp Manageengine Opmanager 11.3
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine It360 10.4
Zohocorp Manageengine It360 10.3.0
2 EDB exploits
383
VMScore
CVE-2020-19554
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.
Manageengine Opmanager
668
VMScore
CVE-2020-10541
Zoho ManageEngine OpManager prior to 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.
Zohocorp Manageengine Opmanager
445
VMScore
CVE-2018-17283
Zoho ManageEngine OpManager prior to 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser o...
Zohocorp Manageengine Opmanager
668
VMScore
CVE-2018-17243
Global Search in Zoho ManageEngine OpManager prior to 12.3 123205 allows SQL Injection.
Zohocorp Manageengine Opmanager
668
VMScore
CVE-2019-15106
An issue exists in Zoho ManageEngine OpManager in builds prior to 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is ad...
Zohocorp Manageengine Opmanager
505
VMScore
CVE-2014-7863
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager prior to 11.9 build 11912, OpManager 8 up to and including 11.5 build 11400, and IT360 10.5 and previous versions does not properly restrict access, which allows remote attackers and rem...
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine It360
Zohocorp Manageengine Opmanager
1 EDB exploit
445
VMScore
CVE-2018-18980
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager prior to 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local...
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Network Configuration Manager
383
VMScore
CVE-2018-18262
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
Zohocorp Manageengine Opmanager 12.3
445
VMScore
CVE-2017-11559
An issue exists in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
Zohocorp Manageengine Opmanager 12.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274
CVE-2024-35388
CVE-2024-35396
elevation of privilege
CVE-2021-47544
file upload
CVE-2021-47545
memory leak
CVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »