Vulnerabilities > Zohocorp > Manageengine Admanager Plus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2023-09-27 | CVE-2023-41904 | Improper Authentication vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. | 5.4 |
| 2023-08-31 | CVE-2023-39912 | Path Traversal vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. | 4.9 |
| 2023-08-17 | CVE-2023-31492 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | 6.5 |
| 2023-08-04 | CVE-2023-38332 | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure. | 6.5 |
| 2023-07-05 | CVE-2023-35786 | XXE vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | 4.9 |
| 2021-10-13 | CVE-2021-20130 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. | 6.5 |
| 2021-10-13 | CVE-2021-20131 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. | 6.5 |
| 2021-10-07 | CVE-2021-37922 | Path Traversal vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. | 5.0 |
| 2021-09-21 | CVE-2021-37419 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Admanager Plus 6.1 Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | 5.0 |