Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opmanager vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2007-5891
Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the proven...
Manageengine Opmanager Msp
Manageengine Opmanager 7.0
668
VMScore
CVE-2021-3287
Zoho ManageEngine OpManager prior to 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
NA
CVE-2023-31099
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager
668
VMScore
CVE-2022-29535
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
668
VMScore
CVE-2020-28653
Zoho ManageEngine OpManager Stable build prior to 125203 (and Released build prior to 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
3 Github repositories
578
VMScore
CVE-2022-27908
Zoho ManageEngine OpManager prior to 125588 (and prior to 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
755
VMScore
CVE-2014-6035
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and previous versions allows remote malicious users to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 11.4
1 EDB exploit
668
VMScore
CVE-2021-41288
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
445
VMScore
CVE-2020-13818
In Zoho ManageEngine OpManager prior to 125144, when <cachestart> is used, directory traversal validation can be bypassed.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
445
VMScore
CVE-2020-11527
In Zoho ManageEngine OpManager prior to 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »