Vulnerabilities > Zohocorp > Manageengine Remote Access Plus > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-15 CVE-2023-6105 Unspecified vulnerability in Zohocorp products
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed.
local
low complexity
zohocorp
5.5
5.5
2022-04-16 CVE-2022-26653 Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).
network
low complexity
zohocorp CWE-425
5.3
5.3
2022-04-16 CVE-2022-26777 Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
network
low complexity
zohocorp CWE-425
5.3
5.3
2021-02-03 CVE-2019-16268 Cross-site Scripting vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.259
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
network
low complexity
zohocorp CWE-79
4.8
4.8
2020-02-17 CVE-2019-20474 Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.447
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447.
network
low complexity
zohocorp CWE-918
4.3
4.3
2020-01-31 CVE-2020-8422 Unspecified vulnerability in Zohocorp Manageengine Remote Access Plus
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450.
network
low complexity
zohocorp
4.3
4.3