Vulnerabilities > Zohocorp > Manageengine Opmanager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-08 | CVE-2023-47211 | Path Traversal vulnerability in Zohocorp products A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. | 8.6 |
| 2023-05-04 | CVE-2023-31099 | Unspecified vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. | 8.8 |
| 2022-07-18 | CVE-2022-35404 | Improper Input Validation vulnerability in Zohocorp products ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | 8.2 |
| 2022-05-05 | CVE-2022-29535 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | 7.5 |
| 2021-12-09 | CVE-2021-44514 | Improper Authentication vulnerability in Zohocorp Manageengine Opmanager 12.5 OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | 7.5 |
| 2021-10-13 | CVE-2021-40493 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. | 7.5 |
| 2021-10-13 | CVE-2021-41075 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. | 7.5 |
| 2021-09-30 | CVE-2021-41288 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. | 7.5 |
| 2021-04-22 | CVE-2021-3287 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | 7.5 |
| 2021-02-03 | CVE-2020-28653 | Unspecified vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | 7.5 |