Vulnerabilities > Zohocorp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-23 | CVE-2019-11469 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. | 9.8 |
| 2019-04-22 | CVE-2019-11448 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. | 9.8 |
| 2019-02-17 | CVE-2019-8395 | Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Servicedesk Plus An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. | 9.8 |
| 2019-01-03 | CVE-2019-3905 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | 10.0 |
| 2019-01-03 | CVE-2018-20664 | XXE vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | 9.8 |
| 2018-12-21 | CVE-2018-20338 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | 9.8 |
| 2018-12-17 | CVE-2018-20173 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. | 9.8 |
| 2018-11-05 | CVE-2018-18949 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3 Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | 9.8 |
| 2018-10-23 | CVE-2018-18475 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | 9.8 |
| 2018-09-20 | CVE-2018-17243 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. | 9.8 |