Vulnerabilities > Zohocorp > Manageengine Opmanager > 12.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-23 | CVE-2017-11559 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. | 5.0 |
| 2019-05-23 | CVE-2017-11561 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. | 4.0 |
| 2018-11-06 | CVE-2018-18980 | XXE vulnerability in Zohocorp products An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. | 5.0 |
| 2018-09-21 | CVE-2018-17283 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.2 Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. | 5.0 |
| 2018-09-20 | CVE-2018-17243 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.2 Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. | 7.5 |
| 2017-08-04 | CVE-2015-9107 | Cryptographic Issues vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. | 5.0 |