Vulnerabilities > Zohocorp > Manageengine Desktop Central > 10.0.124

DATE CVE VULNERABILITY TITLE RISK
2022-03-02 CVE-2022-23779 Information Exposure vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone.
network
low complexity
zohocorp CWE-200
5.0
2022-01-28 CVE-2022-23863 Unspecified vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
network
low complexity
zohocorp
6.5
2022-01-18 CVE-2021-44757 Unspecified vulnerability in Zohocorp products
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.
network
low complexity
zohocorp
6.4
2022-01-10 CVE-2021-46164 Unspecified vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.
network
low complexity
zohocorp
6.5
2022-01-10 CVE-2021-46165 Unspecified vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined.
local
low complexity
zohocorp
4.6
2022-01-10 CVE-2021-46166 Information Exposure vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.
network
low complexity
zohocorp CWE-200
4.0
2021-09-10 CVE-2021-37414 Improper Authentication vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.
network
low complexity
zohocorp CWE-287
5.0
2021-03-05 CVE-2020-28050 Incorrect Authorization vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.
network
low complexity
zohocorp CWE-863
6.4
2020-07-29 CVE-2020-15588 Integer Overflow or Wraparound vulnerability in Zohocorp Manageengine Desktop Central
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W.
network
low complexity
zohocorp CWE-190
7.5
2020-05-05 CVE-2020-10859 Path Traversal vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request.
network
low complexity
zohocorp CWE-22
4.0