Vulnerabilities > Zohocorp > Manageengine Network Configuration Manager > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-08 | CVE-2023-47211 | Path Traversal vulnerability in Zohocorp products A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. | 8.6 |
2023-08-04 | CVE-2023-29505 | Origin Validation Error vulnerability in Zohocorp Manageengine Network Configuration Manager 12.6 An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. | 8.8 |
2022-07-18 | CVE-2022-35404 | Improper Input Validation vulnerability in Zohocorp products ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | 8.2 |
2021-11-30 | CVE-2021-43319 | Command Injection vulnerability in Zohocorp Manageengine Network Configuration Manager Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | 7.5 |
2019-06-18 | CVE-2019-12133 | Uncontrolled Search Path Element vulnerability in Zohocorp products Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. | 7.2 |
2018-06-29 | CVE-2018-12997 | Information Exposure vulnerability in Zohocorp products Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | 7.5 |