Vulnerabilities > Zohocorp > Manageengine Applications Manager > 13.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-25 | CVE-2020-15394 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. | 9.8 |
| 2020-03-13 | CVE-2019-19799 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | 5.3 |
| 2019-12-11 | CVE-2019-19650 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | 8.8 |
| 2019-12-11 | CVE-2019-19649 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | 9.8 |
| 2019-08-16 | CVE-2019-15105 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Application Manager through 14.2. | 8.8 |
| 2019-08-16 | CVE-2019-15104 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine OpManager through 12.4x. | 8.8 |
| 2019-05-23 | CVE-2017-11740 | Improper Input Validation vulnerability in Zohocorp Manageengine Applications Manager 13.1 In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. | 8.8 |
| 2019-05-23 | CVE-2017-11739 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager 13.1 In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. | 6.1 |
| 2019-05-23 | CVE-2017-11738 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.1 In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack. | 8.1 |
| 2019-04-23 | CVE-2019-11469 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. | 9.8 |