Vulnerabilities > Zohocorp > Manageengine Opmanager > 8

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-16	CVE-2019-15106	Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Opmanager An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. network low complexity zohocorp CWE-306 critical	9.8
2018-11-06	CVE-2018-18980	XXE vulnerability in Zohocorp Manageengine Network Configuration Manager An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. network low complexity zohocorp CWE-611	7.5
2018-09-21	CVE-2018-17283	SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. network low complexity zohocorp CWE-89	7.5
2018-09-20	CVE-2018-17243	SQL Injection vulnerability in Zohocorp Manageengine Opmanager Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. network low complexity zohocorp CWE-89 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.