Vulnerabilities > Zohocorp

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-07-18 | CVE-2022-35404 | Improper Input Validation vulnerability in Zohocorp products | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | network, low complexity, zohocorp, CWE-20 | 8.2 |
| 2022-07-12 | CVE-2022-35403 | Unspecified vulnerability in Zohocorp products | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. | network, low complexity, zohocorp | 7.5 |
| 2022-07-04 | CVE-2022-34829 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus | Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. | network, low complexity, zohocorp | 7.5 |
| 2022-07-02 | CVE-2022-32551 | Path Traversal vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5/10.6 | Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). | network, low complexity, zohocorp, CWE-22 | 7.5 |
| 2022-05-24 | CVE-2022-23050 | Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager | ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | network, low complexity, zohocorp, CWE-427 | 7.2 |
| 2022-05-20 | CVE-2022-28987 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 | Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. | network, low complexity, zohocorp | 5.3 |
| 2022-05-05 | CVE-2022-29535 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager | Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | network, low complexity, zohocorp, CWE-89 | critical, 9.8 |
| 2022-04-28 | CVE-2022-29081 | Path Traversal vulnerability in Zohocorp products | Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. | network, low complexity, zohocorp, CWE-22 | critical, 9.8 |
| 2022-04-18 | CVE-2022-29457 | Insufficiently Protected Credentials vulnerability in Zohocorp products | Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | network, low complexity, zohocorp, CWE-522 | 8.8 |
| 2022-04-18 | CVE-2022-27908 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager | Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | network, low complexity, zohocorp, CWE-89 | 8.8 |