Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2021-03-18 CVE-2020-9367 Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Desktop Central 10.0.486
The MPS Agent in Zoho ManageEngine Desktop Central MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path.
6.9
2021-03-13 CVE-2020-35682 Incorrect Authorization vulnerability in Zohocorp Manageengine Servicedesk Plus 8.2/9.0
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
network
low complexity
zohocorp CWE-863
6.5
2021-03-05 CVE-2020-35594 Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus before 7066 allows XSS.
network
zohocorp CWE-79
4.3
2021-03-05 CVE-2020-28050 Incorrect Authorization vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.
network
low complexity
zohocorp CWE-863
6.4
2021-03-05 CVE-2020-29658 Inadequate Encryption Strength vulnerability in Zohocorp Manageengine Applications Control Plus
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.
network
low complexity
zohocorp CWE-326
7.5
2021-02-19 CVE-2021-27214 Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus 6.0
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
network
zohocorp CWE-918
4.3
2021-02-05 CVE-2020-35765 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
network
low complexity
zohocorp CWE-89
6.5
2021-02-03 CVE-2019-16268 Injection vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.259
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
network
zohocorp CWE-74
3.5
2021-02-03 CVE-2020-28653 Unspecified vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
network
low complexity
zohocorp
7.5
2021-01-19 CVE-2020-27733 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
network
low complexity
zohocorp CWE-89
8.8