Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-16 | CVE-2019-15106 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Opmanager An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. | 7.5 |
| 2019-08-16 | CVE-2019-15105 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Application Manager through 14.2. | 9.0 |
| 2019-08-16 | CVE-2019-15104 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine OpManager through 12.4x. | 9.0 |
| 2019-08-14 | CVE-2019-15046 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. | 5.0 |
| 2019-08-08 | CVE-2019-14693 | XXE vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. | 5.5 |
| 2019-08-08 | CVE-2019-12994 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. | 6.5 |
| 2019-08-08 | CVE-2019-12959 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Assetexplorer 4.0/5.6/6.1 Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. | 6.5 |
| 2019-07-17 | CVE-2019-12876 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. | 8.5 |
| 2019-07-11 | CVE-2019-12597 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer. | 6.1 |
| 2019-07-11 | CVE-2019-12596 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer. | 6.1 |