Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2022-11-12 CVE-2022-43672 SQL Injection vulnerability in Zohocorp products
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671).
network
low complexity
zohocorp CWE-89
critical
9.8
2022-11-09 CVE-2022-41978 Unspecified vulnerability in Zohocorp Zoho CRM Lead Magnet
Auth.
network
low complexity
zohocorp
6.5
2022-09-16 CVE-2022-40300 SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
network
low complexity
zohocorp CWE-89
critical
9.8
2022-08-29 CVE-2022-38772 Unspecified vulnerability in Zohocorp products
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
network
low complexity
zohocorp
8.8
2022-08-15 CVE-2020-21641 XXE vulnerability in Zohocorp Manageengine Analytics Plus
Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders, and scan internal ports via a crafted XML license file.
network
low complexity
zohocorp CWE-611
7.5
2022-08-15 CVE-2020-21642 Path Traversal vulnerability in Zohocorp Manageengine Analytics Plus
Directory Traversal vulnerability in the ZDBQAREFSUBDIR parameter in the /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.
network
low complexity
zohocorp CWE-22
critical
9.8
2022-08-10 CVE-2022-36923 Improper Handling of Exceptional Conditions vulnerability in Zohocorp products
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
network
low complexity
zohocorp CWE-755
7.5
2022-08-10 CVE-2022-37024 Unspecified vulnerability in Zohocorp products
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 (125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.
network
low complexity
zohocorp
8.8
2022-07-26 CVE-2022-36412 Improper Authentication vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass.
network
low complexity
zohocorp CWE-287
critical
9.8
2022-07-19 CVE-2022-35405 Deserialization of Untrusted Data vulnerability in Zohocorp products
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution.
network
low complexity
zohocorp CWE-502
critical
9.8