Vulnerabilities > Zohocorp > Manageengine Remote Access Plus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-17 | CVE-2021-42954 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. | 7.8 |
| 2021-11-17 | CVE-2021-42955 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. | 7.8 |
| 2021-09-30 | CVE-2021-41827 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. | 7.5 |
| 2021-09-30 | CVE-2021-41828 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. | 7.5 |
| 2021-09-30 | CVE-2021-41829 | Use of Insufficiently Random Values vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. | 7.5 |
| 2020-10-02 | CVE-2020-15589 | Unspecified vulnerability in Zohocorp products A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. | 8.1 |
| 2020-03-19 | CVE-2019-11361 | Incorrect Authorization vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.258 Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | 8.8 |