Vulnerabilities > Zohocorp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-12 | CVE-2022-43672 | SQL Injection vulnerability in Zohocorp products Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. | 9.8 |
2022-11-09 | CVE-2022-41978 | Unspecified vulnerability in Zohocorp Zoho CRM Lead Magnet Auth. | 6.5 |
2022-09-16 | CVE-2022-40300 | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | 9.8 |
2022-08-29 | CVE-2022-38772 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature. | 8.8 |
2022-08-15 | CVE-2020-21641 | XXE vulnerability in Zohocorp Manageengine Analytics Plus Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file. | 7.5 |
2022-08-15 | CVE-2020-21642 | Path Traversal vulnerability in Zohocorp Manageengine Analytics Plus Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. | 9.8 |
2022-08-10 | CVE-2022-36923 | Improper Handling of Exceptional Conditions vulnerability in Zohocorp products Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. | 7.5 |
2022-08-10 | CVE-2022-37024 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. | 8.8 |
2022-07-26 | CVE-2022-36412 | Improper Authentication vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. | 9.8 |
2022-07-19 | CVE-2022-35405 | Deserialization of Untrusted Data vulnerability in Zohocorp products Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. | 9.8 |