Vulnerabilities > Zohocorp > Manageengine Opmanager > 8

DATE CVE VULNERABILITY TITLE RISK
2021-04-22 CVE-2021-3287 Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
network
low complexity
zohocorp CWE-502
7.5
7.5
2021-04-01 CVE-2021-20078 Path Traversal vulnerability in Zohocorp Manageengine Opmanager
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component.
network
low complexity
zohocorp CWE-22
critical
 9.4
9.4
2021-02-03 CVE-2020-28653 Unspecified vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
network
low complexity
zohocorp
7.5
7.5
2020-06-04 CVE-2020-13818 Path Traversal vulnerability in Zohocorp Manageengine Opmanager
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
network
low complexity
zohocorp CWE-22
5.0
5.0
2020-05-07 CVE-2020-12116 Information Exposure vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
network
low complexity
zohocorp CWE-200
5.0
5.0
2020-04-04 CVE-2020-11527 Information Exposure vulnerability in Zohocorp Manageengine Opmanager
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
network
low complexity
zohocorp CWE-200
5.0
5.0
2020-03-13 CVE-2020-10541 Improper Input Validation vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request.
network
low complexity
zohocorp CWE-20
7.5
7.5
2019-10-15 CVE-2019-17602 SQL Injection vulnerability in Zohocorp Manageengine Opmanager
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089.
network
low complexity
zohocorp CWE-89
7.5
7.5