Vulnerabilities > Zohocorp > Manageengine Opmanager > 12.3

DATE CVE VULNERABILITY TITLE RISK
2018-10-23 CVE-2018-18475 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
network
low complexity
zohocorp CWE-434
critical
 9.8
9.8
2018-10-17 CVE-2018-18262 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-09-21 CVE-2018-17283 SQL Injection vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
network
low complexity
zohocorp CWE-89
7.5
7.5
2018-09-20 CVE-2018-17243 SQL Injection vulnerability in Zohocorp Manageengine Opmanager
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8