Vulnerabilities > Zohocorp > Manageengine Applications Manager > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-03 | CVE-2020-24743 | Unspecified vulnerability in Zohocorp Manageengine Applications Manager An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | 9.8 |
| 2020-10-29 | CVE-2020-27995 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0 SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | 9.8 |
| 2020-10-01 | CVE-2020-15533 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | 9.8 |
| 2020-09-25 | CVE-2020-15394 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. | 9.8 |
| 2019-12-11 | CVE-2019-19649 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | 9.8 |
| 2019-04-23 | CVE-2019-11469 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. | 9.8 |
| 2019-04-22 | CVE-2019-11448 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. | 9.8 |
| 2018-08-08 | CVE-2018-15168 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. | 9.8 |
| 2018-07-13 | CVE-2016-9498 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0 ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. | 9.8 |
| 2018-07-02 | CVE-2018-13050 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | 9.8 |