Vulnerabilities > Zohocorp

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-17	CVE-2024-5471	Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine DDI Central 4001 Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. network low complexity zohocorp CWE-798 critical	9.8
2024-05-29	CVE-2024-27313	Cross-site Scripting vulnerability in Zohocorp Manageengine Pam360 6.6 Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. network low complexity zohocorp CWE-79	4.6
2024-05-27	CVE-2024-27310	Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. network low complexity zohocorp	6.5
2024-05-27	CVE-2024-36037	Incorrect Authorization vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. local low complexity zohocorp CWE-863	5.5
2024-05-20	CVE-2024-27312	Incorrect Authorization vulnerability in Zohocorp Manageengine Pam360 Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. network low complexity zohocorp CWE-863	8.1
2024-02-16	CVE-2024-21775	SQL Injection vulnerability in Zohocorp Manageengine Exchange Reporter Plus Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. network low complexity zohocorp CWE-89	8.8
2024-02-02	CVE-2024-0253	SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. network low complexity zohocorp CWE-89	8.8
2024-02-02	CVE-2024-0269	SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. network low complexity zohocorp CWE-89	8.8
2024-02-02	CVE-2023-48792	SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. network low complexity zohocorp CWE-89 critical	9.8
2024-02-02	CVE-2023-48793	SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. network low complexity zohocorp CWE-89 critical	9.8

Vulnerabilities > Zohocorp {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Zohocorp"}]}

Vulnerabilities > Zohocorp