Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-05 | CVE-2020-28050 | Improper Authentication vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. | 9.1 |
| 2021-03-05 | CVE-2020-29658 | Unspecified vulnerability in Zohocorp Manageengine Applications Control Plus Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation. | 9.8 |
| 2021-02-19 | CVE-2021-27214 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus 6.0 A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. | 6.1 |
| 2021-02-05 | CVE-2020-35765 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | 8.8 |
| 2021-02-03 | CVE-2019-16268 | Cross-site Scripting vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.259 Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen. | 4.8 |
| 2021-02-03 | CVE-2020-28653 | Unspecified vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | 9.8 |
| 2021-01-19 | CVE-2020-27733 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0 Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | 8.8 |
| 2021-01-06 | CVE-2019-16962 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0.430 Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report. | 5.4 |
| 2020-10-29 | CVE-2020-27995 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0 SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | 9.8 |
| 2020-10-08 | CVE-2020-10816 | Improper Authentication vulnerability in Zohocorp Manageengine Applications Manager 14.7 Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. | 7.5 |