Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-09 | CVE-2021-44514 | Improper Authentication vulnerability in Zohocorp Manageengine Opmanager 12.5 OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | 9.8 |
| 2021-11-30 | CVE-2021-42099 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine M365 Manager Plus Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | 9.8 |
| 2021-11-30 | CVE-2021-43294 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. | 6.1 |
| 2021-11-30 | CVE-2021-43295 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. | 6.1 |
| 2021-11-30 | CVE-2021-43296 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | 7.5 |
| 2021-11-30 | CVE-2021-43319 | Command Injection vulnerability in Zohocorp Manageengine Network Configuration Manager Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | 9.8 |
| 2021-11-29 | CVE-2021-44077 | Missing Authentication for Critical Function vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. | 9.8 |
| 2021-11-17 | CVE-2021-42954 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. | 7.8 |
| 2021-11-17 | CVE-2021-42955 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. | 7.8 |
| 2021-11-11 | CVE-2021-41080 | SQL Injection vulnerability in Zohocorp Manageengine Network Configuration Manager 12.4/12.5 Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search. | 9.8 |