Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-19 | CVE-2021-20108 | Memory Leak vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. | 5.0 |
| 2021-07-19 | CVE-2021-20109 | Improper Certificate Validation vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. | 5.0 |
| 2021-07-19 | CVE-2021-20110 | Improper Certificate Validation vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. | 10.0 |
| 2021-07-17 | CVE-2021-33911 | Code Injection vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | 7.5 |
| 2021-07-17 | CVE-2021-36771 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. | 4.3 |
| 2021-07-17 | CVE-2021-36772 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. | 4.3 |
| 2021-07-02 | CVE-2021-31874 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. network zohocorp | 4.3 |
| 2021-07-01 | CVE-2021-31813 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | 3.5 |
| 2021-06-29 | CVE-2021-31160 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. | 5.0 |
| 2021-06-29 | CVE-2021-31530 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5 Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. | 5.0 |