Vulnerabilities > Zohocorp > Manageengine Remote Access Plus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2022-04-16 | CVE-2022-26653 | Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | 5.3 |
| 2022-04-16 | CVE-2022-26777 | Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | 5.3 |
| 2021-11-17 | CVE-2021-42954 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. | 4.6 |
| 2021-09-30 | CVE-2021-41827 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. | 5.0 |
| 2021-09-30 | CVE-2021-41828 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. | 5.0 |
| 2021-09-30 | CVE-2021-41829 | Use of Insufficiently Random Values vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. | 5.0 |
| 2020-10-02 | CVE-2020-15589 | Unspecified vulnerability in Zohocorp products A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. network zohocorp | 6.8 |
| 2020-03-19 | CVE-2019-11361 | Incorrect Authorization vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.258 Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | 6.5 |
| 2020-02-17 | CVE-2019-20474 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.447 An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. | 4.0 |