Vulnerabilities > Zohocorp > Manageengine Applications Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-24 | CVE-2022-23050 | Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | 7.2 |
| 2022-01-10 | CVE-2020-28679 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | 8.8 |
| 2021-02-05 | CVE-2020-35765 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | 8.8 |
| 2021-01-19 | CVE-2020-27733 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0 Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | 8.8 |
| 2020-10-08 | CVE-2020-10816 | Improper Authentication vulnerability in Zohocorp Manageengine Applications Manager 14.7 Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. | 7.5 |
| 2020-10-06 | CVE-2020-16267 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.7 Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | 8.8 |
| 2020-10-06 | CVE-2020-15927 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.7 Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. | 8.8 |
| 2020-09-04 | CVE-2020-14008 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. | 7.2 |
| 2020-02-08 | CVE-2014-7863 | Information Exposure vulnerability in Zohocorp products The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. | 7.5 |
| 2020-01-10 | CVE-2019-19475 | Incorrect Default Permissions vulnerability in Zohocorp Manageengine Applications Manager 14.3 An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. | 8.8 |