Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2020-09-30 CVE-2018-5353 Authentication Bypass by Spoofing vulnerability in Zohocorp Manageengine Adselfservice Plus
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing.
network
low complexity
zohocorp CWE-290
7.5
2020-09-25 CVE-2020-15521 Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS).
network
zohocorp CWE-79
4.3
2020-09-25 CVE-2020-15394 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
network
low complexity
zohocorp CWE-89
7.5
2020-09-04 CVE-2020-14008 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Applications Manager
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
network
low complexity
zohocorp CWE-434
6.5
2020-08-31 CVE-2020-24786 Improper Authentication vulnerability in Zohocorp products
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166.
network
low complexity
zohocorp CWE-287
critical
9.8
2020-08-11 CVE-2020-11552 Improper Privilege Management vulnerability in Zohocorp Manageengine Adselfservice Plus
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog.
network
low complexity
zohocorp CWE-269
critical
10.0
2020-07-29 CVE-2020-15588 Integer Overflow or Wraparound vulnerability in Zohocorp Manageengine Desktop Central
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W.
network
low complexity
zohocorp CWE-190
7.5
2020-06-12 CVE-2020-14048 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus 8.2/9.0
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
network
low complexity
zohocorp CWE-306
5.0
2020-06-04 CVE-2020-13818 Path Traversal vulnerability in Zohocorp Manageengine Opmanager
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
network
low complexity
zohocorp CWE-22
5.0
2020-05-18 CVE-2020-13154 Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Servicedesk Plus 11.1
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
network
low complexity
zohocorp CWE-522
4.0