Vulnerabilities > Zohocorp > Manageengine Applications Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-24 | CVE-2022-23050 | Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | 7.2 |
| 2021-11-03 | CVE-2020-24743 | Unspecified vulnerability in Zohocorp Manageengine Applications Manager An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | 7.5 |
| 2021-01-19 | CVE-2020-27733 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0 Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | 8.8 |
| 2020-10-29 | CVE-2020-27995 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0 SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | 7.5 |
| 2020-10-01 | CVE-2020-15533 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | 7.5 |
| 2020-09-25 | CVE-2020-15394 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. | 7.5 |
| 2020-01-10 | CVE-2019-19475 | Incorrect Default Permissions vulnerability in Zohocorp Manageengine Applications Manager 14.3 An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. | 8.8 |
| 2019-12-11 | CVE-2019-19650 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | 8.8 |
| 2018-08-08 | CVE-2018-15168 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. | 7.5 |
| 2018-07-02 | CVE-2018-13050 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | 7.5 |