Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-02 | CVE-2022-23779 | Information Exposure vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. | 5.0 |
| 2022-03-02 | CVE-2022-24305 | Improper Privilege Management vulnerability in Zohocorp Manageengine Sharepoint Manager Plus Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | 7.5 |
| 2022-03-02 | CVE-2022-24306 | Incorrect Authorization vulnerability in Zohocorp Manageengine Sharepoint Manager Plus Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | 7.5 |
| 2022-03-02 | CVE-2022-24447 | Information Exposure vulnerability in Zohocorp Manageengine KEY Manager Plus 5.6/6.0/6.1 An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. | 4.0 |
| 2022-03-01 | CVE-2022-24446 | Exposure of Resource to Wrong Sphere vulnerability in Zohocorp Manageengine KEY Manager Plus 6.1.6 An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. | 3.5 |
| 2022-01-28 | CVE-2022-23863 | Improper Privilege Management vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | 4.0 |
| 2022-01-27 | CVE-2021-46065 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 11.3 A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. | 3.5 |
| 2022-01-18 | CVE-2021-44757 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | 6.4 |
| 2022-01-12 | CVE-2021-44651 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Log360 and Manageengine Cloud Security Plus Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. | 6.5 |
| 2022-01-12 | CVE-2021-44652 | Unspecified vulnerability in Zohocorp Manageengine O365 Manager Plus Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. network zohocorp | 6.8 |