12.2

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-23	CVE-2017-11560	Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. network low complexity zohocorp CWE-79	5.4
2019-05-23	CVE-2017-11559	SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. network low complexity zohocorp CWE-89	7.5
2019-05-23	CVE-2017-11561	Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. network low complexity zohocorp CWE-434	6.5
2018-11-06	CVE-2018-18980	XXE vulnerability in Zohocorp Manageengine Network Configuration Manager An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. network low complexity zohocorp CWE-611	7.5
2018-09-21	CVE-2018-17283	SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. network low complexity zohocorp CWE-89	7.5
2018-09-20	CVE-2018-17243	SQL Injection vulnerability in Zohocorp Manageengine Opmanager Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. network low complexity zohocorp CWE-89 critical	9.8
2017-08-04	CVE-2015-9107	Cryptographic Issues vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. network low complexity zohocorp CWE-310 critical	9.8