Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2021-09-21 CVE-2021-37424 Unspecified vulnerability in Zohocorp Manageengine Admanager Plus 6.1
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
network
low complexity
zohocorp
critical
 9.8
9.8
2021-09-21 CVE-2021-37741 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
network
low complexity
zohocorp CWE-434
8.8
8.8
2021-09-10 CVE-2021-37422 SQL Injection vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8
2021-09-10 CVE-2021-37414 Improper Authentication vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.
network
low complexity
zohocorp CWE-287
7.5
7.5
2021-09-10 CVE-2021-37423 Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
network
low complexity
zohocorp
critical
 9.8
9.8
2021-09-07 CVE-2021-40539 Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
network
low complexity
zohocorp CWE-706
critical
 9.8
9.8
2021-09-01 CVE-2021-37415 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
network
low complexity
zohocorp CWE-306
critical
 9.8
9.8
2021-08-30 CVE-2021-33055 OS Command Injection vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
network
low complexity
zohocorp CWE-78
critical
 9.8
9.8
2021-08-30 CVE-2021-37416 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
network
low complexity
zohocorp CWE-79
6.1
6.1
2021-08-30 CVE-2021-37417 Improper Authentication vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
network
low complexity
zohocorp CWE-287
critical
 9.8
9.8