Vulnerabilities > Manageengine

DATE CVE VULNERABILITY TITLE RISK
2021-09-21 CVE-2020-19554 Cross-site Scripting vulnerability in Manageengine Opmanager 12.3
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.
network
low complexity
manageengine CWE-79
6.1
2021-09-21 CVE-2021-28960 Command Injection vulnerability in Manageengine Desktop Central 10.0.282/5.65
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.
network
low complexity
manageengine CWE-77
critical
9.8
2018-08-28 CVE-2018-15608 Cross-site Scripting vulnerability in Manageengine Admanager Plus 6.5.7
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
network
low complexity
manageengine CWE-79
6.1
2018-06-05 CVE-2016-9490 Cross-site Scripting vulnerability in Manageengine Applications Manager 12.0/13.0
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability.
network
low complexity
manageengine CWE-79
6.1
2018-06-05 CVE-2016-9488 SQL Injection vulnerability in Manageengine Applications Manager 12.0/13.0
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities.
network
low complexity
manageengine CWE-89
critical
9.8
2017-11-08 CVE-2017-11512 Path Traversal vulnerability in Manageengine Servicedesk 9.3.9328
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL.
network
low complexity
manageengine CWE-22
7.5
2017-11-08 CVE-2017-11511 Information Exposure vulnerability in Manageengine Servicedesk 9.3.9328
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL.
network
low complexity
manageengine CWE-200
7.5
2017-09-28 CVE-2015-8249 Unrestricted Upload of File with Dangerous Type vulnerability in Manageengine Desktop Central 9.0
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
network
low complexity
manageengine CWE-434
critical
9.8
2017-08-28 CVE-2014-5302 Path Traversal vulnerability in Manageengine products
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
network
low complexity
manageengine CWE-22
8.8
2017-08-28 CVE-2014-5301 Path Traversal vulnerability in Manageengine products
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
network
low complexity
manageengine CWE-22
8.8