Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-15	CVE-2023-6105	Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. local low complexity zohocorp	5.5
2023-09-27	CVE-2023-41904	Improper Authentication vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. network low complexity zohocorp CWE-287	5.4
2023-08-31	CVE-2023-39912	Path Traversal vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. network low complexity zohocorp CWE-22	4.9
2023-08-17	CVE-2023-31492	Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. network low complexity zohocorp CWE-522	6.5
2023-08-04	CVE-2023-38332	Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure. network low complexity zohocorp	6.5
2023-07-05	CVE-2023-35786	XXE vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. network low complexity zohocorp CWE-611	4.9
2021-10-07	CVE-2021-37922	Path Traversal vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. network low complexity zohocorp CWE-22	5.3
2021-09-21	CVE-2021-37420	Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Admanager Plus 6.1 Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. network low complexity zohocorp CWE-306	6.5
2021-07-17	CVE-2021-36771	Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. network low complexity zohocorp CWE-79	6.1
2021-07-17	CVE-2021-36772	Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. network low complexity zohocorp CWE-79	6.1