Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2021-46166 | Information Exposure vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | 6.5 |
| 2022-01-03 | CVE-2021-20147 | Information Exposure Through Discrepancy vulnerability in Zohocorp Manageengine Adselfservice Plus ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. | 5.3 |
| 2022-01-03 | CVE-2021-20148 | Files or Directories Accessible to External Parties vulnerability in Zohocorp Manageengine Adselfservice Plus ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. | 4.3 |
| 2021-12-23 | CVE-2021-44526 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. | 9.8 |
| 2021-12-20 | CVE-2021-44525 | Improper Authentication vulnerability in Zohocorp Manageengine Pam360 Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | 9.8 |
| 2021-12-20 | CVE-2021-44675 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5 Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | 9.8 |
| 2021-12-20 | CVE-2021-44676 | Improper Authentication vulnerability in Zohocorp Manageengine Access Manager Plus 4.1/4.2 Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | 9.8 |
| 2021-12-12 | CVE-2021-44515 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. | 9.8 |
| 2021-12-09 | CVE-2021-44514 | Improper Authentication vulnerability in Zohocorp Manageengine Opmanager 12.5 OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | 9.8 |
| 2021-11-30 | CVE-2021-42099 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine M365 Manager Plus Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | 9.8 |