Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-18 | CVE-2022-47966 | Unspecified vulnerability in Zohocorp products Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. | 9.8 |
| 2023-01-17 | CVE-2023-22624 | XXE vulnerability in Zohocorp Manageengine Exchange Reporter Plus Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. | 7.5 |
| 2023-01-05 | CVE-2022-47523 | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. | 9.8 |
| 2022-12-20 | CVE-2022-47577 | Unspecified vulnerability in Zohocorp Manageengine Device Control Plus 10.1.2228.15 An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. | 7.8 |
| 2022-12-20 | CVE-2022-47578 | Unspecified vulnerability in Zohocorp Manageengine Device Control Plus 10.1.2228.15 An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. | 7.8 |
| 2022-11-23 | CVE-2022-40771 | XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | 4.9 |
| 2022-11-23 | CVE-2022-40772 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | 6.5 |
| 2022-11-23 | CVE-2022-40770 | Command Injection vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. | 7.2 |
| 2022-11-18 | CVE-2022-42904 | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. | 7.2 |
| 2022-11-17 | CVE-2022-42903 | Missing Authorization vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. | 3.3 |