Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2015-9107
Zoho ManageEngine OpManager 11 up to and including 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a univers...
Zohocorp Manageengine Opmanager 11.6
Zohocorp Manageengine Opmanager 11.4
Zohocorp Manageengine Opmanager 12.2
Zohocorp Manageengine Opmanager 11.2
Zohocorp Manageengine Opmanager 11.1
Zohocorp Manageengine Opmanager 11.0
Zohocorp Manageengine Opmanager 11.5
Zohocorp Manageengine Opmanager 11.3
668
VMScore
CVE-2021-44525
Zoho ManageEngine PAM360 before build 5303 allows malicious users to modify a few aspects of application state because of a filter bypass in which authentication is not required.
Zohocorp Manageengine Pam360 5.3
Zohocorp Manageengine Pam360 5.2
Zohocorp Manageengine Pam360 5.1
Zohocorp Manageengine Pam360 5.0
Zohocorp Manageengine Pam360 4.5
Zohocorp Manageengine Pam360 4.1
Zohocorp Manageengine Pam360 4.0
NA
CVE-2020-21642
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus prior to 4350 allows remote malicious users to run arbitrary code.
Zohocorp Manageengine Analytics Plus 2.9
Zohocorp Manageengine Analytics Plus 3.0
Zohocorp Manageengine Analytics Plus 3.1
Zohocorp Manageengine Analytics Plus 3.2
Zohocorp Manageengine Analytics Plus 3.3
Zohocorp Manageengine Analytics Plus 3.4
Zohocorp Manageengine Analytics Plus 3.5
Zohocorp Manageengine Analytics Plus 3.6
Zohocorp Manageengine Analytics Plus 3.7
Zohocorp Manageengine Analytics Plus 3.8
Zohocorp Manageengine Analytics Plus 3.9
Zohocorp Manageengine Analytics Plus 4.0
Zohocorp Manageengine Analytics Plus 4.1
Zohocorp Manageengine Analytics Plus 4.2
Zohocorp Manageengine Analytics Plus 4.3
605
VMScore
CVE-2021-44526
Zoho ManageEngine ServiceDesk Plus prior to 12003 allows authentication bypass in certain admin configurations.
Zohocorp Manageengine Servicedesk Plus 10.0.0
Zohocorp Manageengine Servicedesk Plus 11.1
Zohocorp Manageengine Servicedesk Plus 9.1
Zohocorp Manageengine Servicedesk Plus 9.2
Zohocorp Manageengine Servicedesk Plus 9.3
Zohocorp Manageengine Servicedesk Plus 8.2
Zohocorp Manageengine Servicedesk Plus 9.0
Zohocorp Manageengine Servicedesk Plus 9.4
Zohocorp Manageengine Servicedesk Plus 10.5
Zohocorp Manageengine Servicedesk Plus 11.0
Zohocorp Manageengine Servicedesk Plus 8.1
Zohocorp Manageengine Servicedesk Plus 10.0
Zohocorp Manageengine Servicedesk Plus 11.2
Zohocorp Manageengine Servicedesk Plus 11.3
Zohocorp Manageengine Servicedesk Plus 12.0
NA
CVE-2022-38772
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils prior to 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Plus 12.6
Zohocorp Manageengine Opmanager Plus 12.5
445
VMScore
CVE-2018-12997
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows malicious u...
Zohocorp Manageengine Netflow Analyzer -
Zohocorp Firewall Analyzer -
Zohocorp Manageengine Opmanager -
Zohocorp Manageengine Oputils -
Zohocorp Manageengine Network Configuration Manager -
383
VMScore
CVE-2018-12998
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote m...
Zohocorp Manageengine Netflow Analyzer -
Zohocorp Firewall Analyzer -
Zohocorp Manageengine Opmanager -
Zohocorp Manageengine Oputils -
Zohocorp Manageengine Network Configuration Manager -
505
VMScore
CVE-2014-5446
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 up to and including 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
Zohocorp Manageengine It360 10.3.0
Zohocorp Manageengine Netflow Analyzer 9.1
Zohocorp Manageengine Netflow Analyzer 9.5
Zohocorp Manageengine Netflow Analyzer 9.9
Zohocorp Manageengine Netflow Analyzer 10.0
Zohocorp Manageengine Netflow Analyzer 9.6
Zohocorp Manageengine Netflow Analyzer 9.7
Zohocorp Manageengine Netflow Analyzer 10.2
Zohocorp Manageengine Netflow Analyzer 9.8
Zohocorp Manageengine Netflow Analyzer 9.8.5
Zohocorp Manageengine Netflow Analyzer 8.6
Zohocorp Manageengine Netflow Analyzer 9.0
Zohocorp Manageengine Netflow Analyzer 9.8.6
Zohocorp Manageengine Netflow Analyzer 9.8.7
1 EDB exploit
NA
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils prior to 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated malicious users to obtain a user's AP...
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Firewall Analyzer 12.5
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Firewall Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Plus 12.6
Zohocorp Manageengine Opmanager Plus 12.5
Zohocorp Manageengine Opmanager Msp 12.6
1 Github repository
NA
CVE-2023-28342
Zoho ManageEngine ADSelfService Plus prior to 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
Zohocorp Manageengine Adselfservice Plus 5.7
Zohocorp Manageengine Adselfservice Plus 5.0
Zohocorp Manageengine Adselfservice Plus 5.1
Zohocorp Manageengine Adselfservice Plus 5.2
Zohocorp Manageengine Adselfservice Plus 5.3
Zohocorp Manageengine Adselfservice Plus 5.4
Zohocorp Manageengine Adselfservice Plus 5.5
Zohocorp Manageengine Adselfservice Plus 5.6
Zohocorp Manageengine Adselfservice Plus 4.5
Zohocorp Manageengine Adselfservice Plus 5.8
Zohocorp Manageengine Adselfservice Plus 6.0
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus 5.0.6
Zohocorp Manageengine Adselfservice Plus 6.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »