Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2021-11-17 CVE-2021-42954 Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control.
local
low complexity
zohocorp CWE-732
4.6
2021-11-17 CVE-2021-42955 Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus
Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability.
local
low complexity
zohocorp CWE-732
7.2
2021-11-11 CVE-2021-41080 SQL Injection vulnerability in Zohocorp Manageengine Network Configuration Manager 12.4/12.5
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search.
network
low complexity
zohocorp CWE-89
critical
9.8
2021-11-11 CVE-2021-41081 SQL Injection vulnerability in Zohocorp Manageengine Network Configuration Manager 12.4/12.5
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search.
network
low complexity
zohocorp CWE-89
critical
9.8
2021-11-11 CVE-2021-41833 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Patch Connect Plus 9.0.0
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
network
low complexity
zohocorp CWE-434
7.5
2021-11-11 CVE-2021-42002 Unspecified vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
network
low complexity
zohocorp
7.5
2021-11-11 CVE-2021-42847 Unspecified vulnerability in Zohocorp Manageengine Adaudit Plus
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
network
low complexity
zohocorp
critical
9.8
2021-11-03 CVE-2020-24743 Unspecified vulnerability in Zohocorp Manageengine Applications Manager
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
network
low complexity
zohocorp
7.5
2021-11-01 CVE-2021-20136 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Log360
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite.
network
low complexity
zohocorp CWE-306
7.5
2021-10-21 CVE-2021-35512 Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Applications Manager 15.2
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
network
low complexity
zohocorp CWE-918
6.4