Vulnerabilities > Zohocorp > Manageengine Admanager Plus > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-01-18 CVE-2022-47966 Unspecified vulnerability in Zohocorp products
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
network
low complexity
zohocorp
critical
 9.8
9.8
2021-11-11 CVE-2021-42002 Unspecified vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
network
low complexity
zohocorp
critical
 9.8
9.8
2021-10-07 CVE-2021-38298 XXE vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
network
low complexity
zohocorp CWE-611
critical
 9.8
9.8
2021-10-07 CVE-2021-37931 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
network
low complexity
zohocorp CWE-434
critical
 9.8
9.8
2021-10-07 CVE-2021-37930 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
network
low complexity
zohocorp CWE-434
critical
 9.8
9.8
2021-10-07 CVE-2021-37929 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
network
low complexity
zohocorp CWE-434
critical
 9.8
9.8
2021-10-07 CVE-2021-37928 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
network
low complexity
zohocorp CWE-434
critical
 9.8
9.8
2021-10-07 CVE-2021-37926 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
network
low complexity
zohocorp CWE-434
critical
 9.8
9.8
2021-10-07 CVE-2021-37924 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
network
low complexity
zohocorp CWE-434
critical
 9.8
9.8
2021-10-07 CVE-2021-37923 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
network
low complexity
zohocorp CWE-434
critical
 9.8
9.8