Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-07 | CVE-2023-34197 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus 8.1/8.2/9.0 Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. | 5.4 |
| 2023-07-07 | CVE-2023-37308 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field. | 5.4 |
| 2023-07-05 | CVE-2023-35786 | XXE vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | 4.9 |
| 2023-06-20 | CVE-2023-35854 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. | 9.8 |
| 2023-05-04 | CVE-2023-31099 | Unspecified vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. | 8.8 |
| 2023-04-26 | CVE-2023-29442 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | 6.1 |
| 2023-04-26 | CVE-2023-29443 | XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. | 4.9 |
| 2023-04-26 | CVE-2023-2291 | Unspecified vulnerability in Zohocorp products Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. | 7.8 |
| 2023-04-13 | CVE-2023-29084 | Command Injection vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. | 7.2 |
| 2023-04-11 | CVE-2023-28340 | XXE vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | 6.5 |