Vulnerabilities > Zohocorp > Manageengine Opmanager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2023-03-30 | CVE-2022-43473 | XXE vulnerability in Zohocorp Manageengine Opmanager A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. | 5.4 |
| 2022-04-18 | CVE-2022-27908 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | 6.5 |
| 2020-06-04 | CVE-2020-13818 | Path Traversal vulnerability in Zohocorp Manageengine Opmanager In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. | 5.0 |
| 2020-05-07 | CVE-2020-12116 | Information Exposure vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. | 5.0 |
| 2020-04-04 | CVE-2020-11527 | Information Exposure vulnerability in Zohocorp Manageengine Opmanager In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | 5.0 |
| 2020-02-08 | CVE-2014-7863 | Information Exposure vulnerability in Zohocorp products The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. | 5.0 |
| 2019-05-23 | CVE-2017-11559 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. | 5.0 |
| 2019-05-23 | CVE-2017-11561 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. | 4.0 |
| 2018-12-21 | CVE-2018-20339 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. | 4.3 |