Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2022-03-02 CVE-2022-23779 Information Exposure vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone.
network
low complexity
zohocorp CWE-200
5.0
2022-03-02 CVE-2022-24305 Improper Privilege Management vulnerability in Zohocorp Manageengine Sharepoint Manager Plus
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
network
low complexity
zohocorp CWE-269
7.5
2022-03-02 CVE-2022-24306 Incorrect Authorization vulnerability in Zohocorp Manageengine Sharepoint Manager Plus
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.
network
low complexity
zohocorp CWE-863
7.5
2022-03-02 CVE-2022-24447 Information Exposure vulnerability in Zohocorp Manageengine KEY Manager Plus 5.6/6.0/6.1
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200.
network
low complexity
zohocorp CWE-200
4.0
2022-03-01 CVE-2022-24446 Exposure of Resource to Wrong Sphere vulnerability in Zohocorp Manageengine KEY Manager Plus 6.1.6
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6.
network
zohocorp CWE-668
3.5
2022-01-28 CVE-2022-23863 Improper Privilege Management vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
network
low complexity
zohocorp CWE-269
4.0
2022-01-27 CVE-2021-46065 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 11.3
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
network
zohocorp CWE-79
3.5
2022-01-18 CVE-2021-44757 Unspecified vulnerability in Zohocorp products
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.
network
low complexity
zohocorp
6.4
2022-01-12 CVE-2021-44651 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Log360 and Manageengine Cloud Security Plus
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.
network
low complexity
zohocorp CWE-434
6.5
2022-01-12 CVE-2021-44652 Unspecified vulnerability in Zohocorp Manageengine O365 Manager Plus
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.
network
zohocorp
6.8