Vulnerabilities > Zohocorp > Manageengine Adaudit Plus > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-18 | CVE-2022-47966 | Unspecified vulnerability in Zohocorp products Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. | 9.8 |
| 2022-04-18 | CVE-2022-29457 | Insufficiently Protected Credentials vulnerability in Zohocorp products Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | 8.8 |
| 2022-04-05 | CVE-2022-24978 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. | 8.8 |
| 2022-04-05 | CVE-2022-28219 | XXE vulnerability in Zohocorp Manageengine Adaudit Plus Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | 9.8 |
| 2021-11-11 | CVE-2021-42847 | Unspecified vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. | 9.8 |