Vulnerabilities > Zohocorp > Manageengine Assetexplorer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-19 | CVE-2021-20108 | Memory Leak vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. | 5.0 |
| 2021-07-19 | CVE-2021-20109 | Improper Certificate Validation vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. | 5.0 |
| 2021-07-19 | CVE-2021-20110 | Improper Certificate Validation vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. | 10.0 |
| 2020-03-23 | CVE-2020-8838 | Improper Validation of Integrity Check Value vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. | 6.4 |
| 2020-03-23 | CVE-2019-19034 | OS Command Injection vulnerability in Zohocorp Manageengine Assetexplorer 6.5 Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. | 7.2 |
| 2019-08-08 | CVE-2019-14693 | XXE vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. | 5.5 |
| 2019-08-08 | CVE-2019-12994 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. | 6.5 |
| 2019-08-08 | CVE-2019-12959 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Assetexplorer 4.0/5.6/6.1 Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. | 6.5 |
| 2019-07-11 | CVE-2019-12597 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer. | 6.1 |
| 2019-07-11 | CVE-2019-12596 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer. | 6.1 |