Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2022-40771 XXE vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
network
low complexity
zohocorp CWE-611
4.9
2022-11-23 CVE-2022-40772 Improper Privilege Management vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
network
low complexity
zohocorp CWE-269
6.5
2022-11-23 CVE-2022-40770 Command Injection vulnerability in Zohocorp Manageengine Servicedesk Plus
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection.
network
low complexity
zohocorp CWE-77
7.2
2022-11-18 CVE-2022-42904 Unspecified vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
network
low complexity
zohocorp
7.2
2022-11-17 CVE-2022-42903 Incorrect Authorization vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
local
low complexity
zohocorp CWE-863
3.3
2022-11-12 CVE-2022-40773 Incorrect Authorization vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation.
network
low complexity
zohocorp CWE-863
8.8
2022-11-12 CVE-2022-41339 Unspecified vulnerability in Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation.
local
low complexity
zohocorp
7.8
2022-11-12 CVE-2022-43671 SQL Injection vulnerability in Zohocorp products
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
network
low complexity
zohocorp CWE-89
critical
9.8
2022-11-12 CVE-2022-43672 SQL Injection vulnerability in Zohocorp products
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
network
low complexity
zohocorp CWE-89
critical
9.8
2022-11-09 CVE-2022-41978 Unspecified vulnerability in Zohocorp Zoho CRM Lead Magnet
Auth.
network
low complexity
zohocorp
6.5