Vulnerabilities > Zohocorp > Manageengine Opmanager > 11.5

DATE CVE VULNERABILITY TITLE RISK
2019-08-16 CVE-2019-15106 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Opmanager
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310.
network
low complexity
zohocorp CWE-306
critical
 9.8
9.8
2018-12-06 CVE-2018-19921 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-11-20 CVE-2018-18716 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-11-15 CVE-2018-19288 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-11-06 CVE-2018-18980 XXE vulnerability in Zohocorp Manageengine Network Configuration Manager
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request.
network
low complexity
zohocorp CWE-611
7.5
7.5
2018-11-05 CVE-2018-18949 SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8
2018-09-21 CVE-2018-17283 SQL Injection vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
network
low complexity
zohocorp CWE-89
7.5
7.5
2018-09-20 CVE-2018-17243 SQL Injection vulnerability in Zohocorp Manageengine Opmanager
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8
2017-08-04 CVE-2015-9107 Cryptographic Issues vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices.
network
low complexity
zohocorp CWE-310
critical
 9.8
9.8