Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2022-11-12 CVE-2022-43672 SQL Injection vulnerability in Zohocorp products
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
network
low complexity
zohocorp CWE-89
critical
9.8
2022-11-09 CVE-2022-41978 Unspecified vulnerability in Zohocorp Zoho CRM Lead Magnet
Auth.
network
low complexity
zohocorp
6.5
2022-07-19 CVE-2022-35405 Deserialization of Untrusted Data vulnerability in Zohocorp products
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution.
network
low complexity
zohocorp CWE-502
critical
9.8
2022-07-18 CVE-2022-35404 Improper Input Validation vulnerability in Zohocorp products
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.
network
low complexity
zohocorp CWE-20
8.2
2022-07-12 CVE-2022-35403 Unspecified vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email.
network
low complexity
zohocorp
5.0
2022-07-04 CVE-2022-34829 Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
network
low complexity
zohocorp
5.0
2022-07-02 CVE-2022-32551 Path Traversal vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5/10.6
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
network
low complexity
zohocorp CWE-22
5.0
2022-05-24 CVE-2022-23050 Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
network
low complexity
zohocorp CWE-427
7.2
2022-05-20 CVE-2022-28987 Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
network
low complexity
zohocorp
5.0
2022-05-05 CVE-2022-29535 SQL Injection vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.
network
low complexity
zohocorp CWE-89
7.5