Vulnerabilities > Zohocorp > Manageengine Applications Manager > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-19649 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
network
low complexity
zohocorp CWE-89
critical
9.8
2019-08-16 CVE-2019-15104 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager
An issue was discovered in Zoho ManageEngine OpManager through 12.4x.
network
low complexity
zohocorp CWE-89
critical
9.0
2019-08-16 CVE-2019-15105 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager
An issue was discovered in Zoho ManageEngine Application Manager through 14.2.
network
low complexity
zohocorp CWE-89
critical
9.0
2019-04-23 CVE-2019-11469 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection.
network
low complexity
zohocorp CWE-89
critical
10.0
2019-04-22 CVE-2019-11448 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0.
network
low complexity
zohocorp CWE-89
critical
10.0
2018-09-26 CVE-2018-16364 Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
network
zohocorp CWE-502
critical
9.3
2018-07-13 CVE-2016-9498 Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0
ManageEngine Applications Manager 12 and 13 before build 13200 allows unserialization of unsafe Java objects.
network
low complexity
zohocorp CWE-502
critical
10.0
2018-06-06 CVE-2018-11808 Improper Input Validation vulnerability in Zohocorp Manageengine Applications Manager 13
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.
network
low complexity
zohocorp CWE-20
critical
10.0
2018-03-08 CVE-2018-7890 OS Command Injection vulnerability in Zohocorp Manageengine Applications Manager
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640).
network
low complexity
zohocorp CWE-78
critical
10.0