Vulnerabilities > Zohocorp > Manageengine Applications Manager > 13.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-19650 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | 8.8 |
| 2019-12-11 | CVE-2019-19649 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | 9.8 |
| 2019-08-16 | CVE-2019-15105 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Application Manager through 14.2. | 9.0 |
| 2019-08-16 | CVE-2019-15104 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine OpManager through 12.4x. | 9.0 |
| 2019-05-23 | CVE-2017-11740 | Improper Input Validation vulnerability in Zohocorp Manageengine Applications Manager 13.1 In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. | 6.8 |
| 2019-05-23 | CVE-2017-11739 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager 13.1 In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. | 4.3 |
| 2019-05-23 | CVE-2017-11738 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.1 In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack. | 6.8 |
| 2019-04-23 | CVE-2019-11469 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. | 10.0 |
| 2019-04-22 | CVE-2019-11448 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. | 10.0 |
| 2018-09-26 | CVE-2018-16364 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. | 9.3 |