Vulnerabilities > Zohocorp > Manageengine Applications Manager > 12.4

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-11	CVE-2019-19650	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. network low complexity zohocorp CWE-89	8.8
2019-12-11	CVE-2019-19649	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. network low complexity zohocorp CWE-89 critical	9.8
2019-08-16	CVE-2019-15105	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Application Manager through 14.2. network low complexity zohocorp CWE-89 critical	9.0
2019-08-16	CVE-2019-15104	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine OpManager through 12.4x. network low complexity zohocorp CWE-89 critical	9.0
2019-04-23	CVE-2019-11469	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. network low complexity zohocorp CWE-89 critical	10.0
2019-04-22	CVE-2019-11448	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. network low complexity zohocorp CWE-89 critical	10.0
2018-09-26	CVE-2018-16364	Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. network zohocorp CWE-502 critical	9.3
2018-08-08	CVE-2018-15169	Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. network zohocorp CWE-79	4.3
2018-08-08	CVE-2018-15168	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. network low complexity zohocorp CWE-89	7.5
2018-06-29	CVE-2018-12996	Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do. network zohocorp CWE-79	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.