Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2021-07-19 CVE-2021-20108 Memory Leak vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34
Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server.
network
low complexity
zohocorp CWE-401
5.0
2021-07-19 CVE-2021-20109 Improper Certificate Validation vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address.
network
low complexity
zohocorp CWE-295
5.0
2021-07-19 CVE-2021-20110 Improper Certificate Validation vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address.
network
low complexity
zohocorp CWE-295
critical
10.0
2021-07-17 CVE-2021-33911 Code Injection vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
network
low complexity
zohocorp CWE-94
7.5
2021-07-17 CVE-2021-36771 Cross-Site Scripting vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.
network
zohocorp CWE-79
4.3
2021-07-17 CVE-2021-36772 Cross-Site Scripting vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
network
zohocorp CWE-79
4.3
2021-07-02 CVE-2021-31874 Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.
network
zohocorp
4.3
2021-07-01 CVE-2021-31813 Cross-Site Scripting vulnerability in Zohocorp Manageengine Applications Manager
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
network
zohocorp CWE-79
3.5
2021-06-29 CVE-2021-31160 Unspecified vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
network
low complexity
zohocorp
5.0
2021-06-29 CVE-2021-31530 Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
network
low complexity
zohocorp
5.0