Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-05	CVE-2022-29535	SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. network low complexity zohocorp CWE-89 critical	9.8
2021-12-09	CVE-2021-44514	Improper Authentication vulnerability in Zohocorp Manageengine Opmanager 12.5 OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. network low complexity zohocorp CWE-287 critical	9.8
2021-10-13	CVE-2021-41075	SQL Injection vulnerability in Zohocorp Manageengine Opmanager The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. network low complexity zohocorp CWE-89 critical	9.8
2021-10-13	CVE-2021-40493	SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. network low complexity zohocorp CWE-89 critical	9.8
2021-09-30	CVE-2021-41288	SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. network low complexity zohocorp CWE-89 critical	9.8
2021-04-22	CVE-2021-3287	Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. network low complexity zohocorp CWE-502 critical	9.8
2021-04-01	CVE-2021-20078	Path Traversal vulnerability in Zohocorp Manageengine Opmanager Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. network low complexity zohocorp CWE-22 critical	9.1
2021-02-03	CVE-2020-28653	Unspecified vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. network low complexity zohocorp critical	9.8
2020-03-13	CVE-2020-10541	Unspecified vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. network low complexity zohocorp critical	9.8
2019-10-15	CVE-2019-17602	SQL Injection vulnerability in Zohocorp Manageengine Opmanager An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. network low complexity zohocorp CWE-89 critical	9.8