Vulnerabilities > Zohocorp > Manageengine Opmanager > 12.3

DATE CVE VULNERABILITY TITLE RISK
2019-06-18 CVE-2019-12133 Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders.
local
low complexity
zohocorp CWE-732
7.8
7.8
2018-12-21 CVE-2018-20339 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-12-21 CVE-2018-20338 SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8
2018-12-17 CVE-2018-20173 SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8
2018-12-06 CVE-2018-19921 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-11-20 CVE-2018-18716 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-11-20 CVE-2018-18715 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-11-15 CVE-2018-19288 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-11-06 CVE-2018-18980 XXE vulnerability in Zohocorp Manageengine Network Configuration Manager
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request.
network
low complexity
zohocorp CWE-611
7.5
7.5
2018-11-05 CVE-2018-18949 SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8