Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2021-12-20 CVE-2021-44675 Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
network
low complexity
zohocorp CWE-287
7.5
2021-12-20 CVE-2021-44676 Improper Authentication vulnerability in Zohocorp Manageengine Access Manager Plus 4.1/4.2
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
network
low complexity
zohocorp CWE-287
critical
9.8
2021-12-12 CVE-2021-44515 Unspecified vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021.
network
low complexity
zohocorp
critical
10.0
2021-12-09 CVE-2021-44514 Improper Authentication vulnerability in Zohocorp Manageengine Opmanager 12.5
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
network
low complexity
zohocorp CWE-287
7.5
2021-11-30 CVE-2021-42099 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine M365 Manager Plus
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
network
low complexity
zohocorp CWE-434
7.5
2021-11-30 CVE-2021-43294 Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
network
zohocorp CWE-79
4.3
2021-11-30 CVE-2021-43295 Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
network
zohocorp CWE-79
4.3
2021-11-30 CVE-2021-43296 Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
network
low complexity
zohocorp CWE-918
5.0
2021-11-30 CVE-2021-43319 Command Injection vulnerability in Zohocorp Manageengine Network Configuration Manager
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
network
low complexity
zohocorp CWE-77
7.5
2021-11-29 CVE-2021-44077 Missing Authentication for Critical Function vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.
network
low complexity
zohocorp CWE-306
critical
9.8