Vulnerabilities > Zohocorp > Manageengine Admanager Plus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-13 | CVE-2023-29084 | Command Injection vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. | 7.2 |
| 2023-01-18 | CVE-2022-47966 | Unspecified vulnerability in Zohocorp products Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. | 9.8 |
| 2022-11-18 | CVE-2022-42904 | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. | 7.2 |
| 2022-04-18 | CVE-2022-29457 | Insufficiently Protected Credentials vulnerability in Zohocorp products Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | 8.8 |
| 2021-11-11 | CVE-2021-42002 | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | 9.8 |
| 2021-10-13 | CVE-2021-20130 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. | 8.8 |
| 2021-10-13 | CVE-2021-20131 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. | 8.8 |
| 2021-10-07 | CVE-2021-38298 | XXE vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. | 9.8 |
| 2021-10-07 | CVE-2021-37762 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. | 9.8 |
| 2021-10-07 | CVE-2021-37918 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 |