Vulnerabilities > Zohocorp

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-23	CVE-2022-40771	XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. network low complexity zohocorp CWE-611	4.9
2022-11-23	CVE-2022-40772	Improper Privilege Management vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. network low complexity zohocorp CWE-269	6.5
2022-11-23	CVE-2022-40770	Command Injection vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. network low complexity zohocorp CWE-77	7.2
2022-11-18	CVE-2022-42904	Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. network low complexity zohocorp	7.2
2022-11-17	CVE-2022-42903	Incorrect Authorization vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. local low complexity zohocorp CWE-863	3.3
2022-11-12	CVE-2022-40773	Incorrect Authorization vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. network low complexity zohocorp CWE-863	8.8
2022-11-12	CVE-2022-41339	Unspecified vulnerability in Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4 In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. local low complexity zohocorp	7.8
2022-11-12	CVE-2022-43671	SQL Injection vulnerability in Zohocorp products Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. network low complexity zohocorp CWE-89 critical	9.8
2022-11-12	CVE-2022-43672	SQL Injection vulnerability in Zohocorp products Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. network low complexity zohocorp CWE-89 critical	9.8
2022-11-09	CVE-2022-41978	Unspecified vulnerability in Zohocorp Zoho CRM Lead Magnet Auth. network low complexity zohocorp	6.5

Vulnerabilities > Zohocorp {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Zohocorp"}]}

Vulnerabilities > Zohocorp