Vulnerabilities > Zohocorp > Manageengine Desktop Central
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-4767 | Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-11-03 | CVE-2023-4768 | CRLF Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-11-03 | CVE-2023-4769 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. | 8.8 |
| 2023-02-25 | CVE-2022-48362 | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. | 8.8 |
| 2023-01-18 | CVE-2022-47966 | Unspecified vulnerability in Zohocorp products Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. | 9.8 |
| 2022-03-02 | CVE-2022-23779 | Information Exposure vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. | 5.0 |
| 2022-01-28 | CVE-2022-23863 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | 6.5 |
| 2022-01-18 | CVE-2021-44757 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | 6.4 |
| 2022-01-10 | CVE-2021-46164 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | 6.5 |
| 2022-01-10 | CVE-2021-46165 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. | 4.6 |