Vulnerabilities > Zohocorp > Manageengine Opmanager > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-01 | CVE-2021-20078 | Path Traversal vulnerability in Zohocorp Manageengine Opmanager Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. | 9.4 |
| 2015-10-09 | CVE-2015-7765 | Hardcoded Password Information Disclosure vulnerability in Zohocorp Manageengine Opmanager 11.5 ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password. | 9.0 |
| 2015-10-09 | CVE-2015-7766 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/11.6 PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." | 9.0 |