Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoho vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-20338
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
Zohocorp Manageengine Opmanager 12.3
5.3
CVSSv3
CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP prior to 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 10.5
1 Github repository
4.8
CVSSv3
CVE-2020-6843
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
Zohocorp Manageengine Servicedesk Plus
6.5
CVSSv3
CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10012 allows remote malicious users to upload arbitrary files via login page customization.
Zohocorp Manageengine Servicedesk Plus
1 EDB exploit
6.1
CVSSv3
CVE-2019-12189
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2022-35405
Zoho ManageEngine Password Manager Pro prior to 12101 and PAM360 prior to 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus prior to 4303 with authentication.)
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360
Zohocorp Manageengine Pam360 5.5
1 Github repository
6.1
CVSSv3
CVE-2018-20339
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
Zohocorp Manageengine Opmanager 12.3
6.1
CVSSv3
CVE-2019-12542
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
Zohocorp Manageengine Servicedesk Plus 9.3
1 Github repository
5.3
CVSSv3
CVE-2019-15045
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
Zohocorp Manageengine Servicedesk Plus
7.5
CVSSv3
CVE-2019-15046
Zoho ManageEngine ServiceDesk Plus 10 prior to 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
Zohocorp Manageengine Servicedesk Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »