Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine remote access plus vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-11552
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated malicious user to escalate privileges o...
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Adselfservice Plus 6.0
8.8
CVSSv3
CVE-2019-11361
Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover.
Zohocorp Manageengine Remote Access Plus 10.0.258
4.3
CVSSv3
CVE-2019-20474
An issue exists in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port...
Zohocorp Manageengine Remote Access Plus 10.0.447
4.3
CVSSv3
CVE-2020-8422
An authorization issue exists in the Credential Manager feature in Zoho ManageEngine Remote Access Plus prior to 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/...
Zohocorp Manageengine Remote Access Plus
8.8
CVSSv3
CVE-2016-4889
ZOHO ManageEngine ServiceDesk Plus prior to 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.
Zohocorp Servicedesk Plus
NA
CVE-2010-3272
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 makes it easier for remote malicious users to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide...
Zohocorp Manageengine Adselfservice Plus
1 EDB exploit
NA
CVE-2010-3273
ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 allows remote malicious users to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResul...
Zohocorp Manageengine Adselfservice Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2