Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-37421 | Insufficient Verification of Data Authenticity vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. | 9.8 |
| 2021-08-29 | CVE-2021-40172 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. | 8.8 |
| 2021-08-29 | CVE-2021-40173 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Cloud Security Plus 4.0/4.1 Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | 8.8 |
| 2021-08-29 | CVE-2021-40174 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | 8.8 |
| 2021-08-29 | CVE-2021-40175 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | 9.8 |
| 2021-08-29 | CVE-2021-40176 | Cross-site Scripting vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5225 allows stored XSS. | 6.1 |
| 2021-08-29 | CVE-2021-40177 | Unspecified vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | 9.8 |
| 2021-08-29 | CVE-2021-40178 | Cross-site Scripting vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. | 6.1 |
| 2021-08-09 | CVE-2021-33256 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. | 8.8 |
| 2021-07-31 | CVE-2021-33617 | Unspecified vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. | 5.3 |