Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2022-12-20 CVE-2022-47577 Unspecified vulnerability in Zohocorp Manageengine Device Control Plus 10.1.2228.15
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15.
local
low complexity
zohocorp
7.8
2022-12-20 CVE-2022-47578 Unspecified vulnerability in Zohocorp Manageengine Device Control Plus 10.1.2228.15
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15.
local
low complexity
zohocorp
7.8
2022-11-23 CVE-2022-40771 XXE vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
network
low complexity
zohocorp CWE-611
4.9
2022-11-23 CVE-2022-40772 Unspecified vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
network
low complexity
zohocorp
6.5
2022-11-23 CVE-2022-40770 Command Injection vulnerability in Zohocorp Manageengine Servicedesk Plus
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection.
network
low complexity
zohocorp CWE-77
7.2
2022-11-18 CVE-2022-42904 Unspecified vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
network
low complexity
zohocorp
7.2
2022-11-17 CVE-2022-42903 Missing Authorization vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
local
low complexity
zohocorp CWE-862
3.3
2022-11-12 CVE-2022-40773 Improper Input Validation vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation.
network
low complexity
zohocorp CWE-20
8.8
2022-11-12 CVE-2022-41339 Unspecified vulnerability in Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation.
local
low complexity
zohocorp
7.8
2022-11-12 CVE-2022-43671 SQL Injection vulnerability in Zohocorp products
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
network
low complexity
zohocorp CWE-89
critical
9.8