Vulnerabilities > Zohocorp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-12 | CVE-2022-43672 | SQL Injection vulnerability in Zohocorp products Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. | 9.8 |
| 2022-09-16 | CVE-2022-40300 | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | 9.8 |
| 2022-08-15 | CVE-2020-21642 | Path Traversal vulnerability in Zohocorp Manageengine Analytics Plus Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. | 9.8 |
| 2022-07-26 | CVE-2022-36412 | Improper Authentication vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. | 9.8 |
| 2022-07-19 | CVE-2022-35405 | Deserialization of Untrusted Data vulnerability in Zohocorp products Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. | 9.8 |
| 2022-05-05 | CVE-2022-29535 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | 9.8 |
| 2022-04-28 | CVE-2022-29081 | Path Traversal vulnerability in Zohocorp products Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. | 9.8 |
| 2022-04-05 | CVE-2022-28219 | XXE vulnerability in Zohocorp Manageengine Adaudit Plus Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | 9.8 |
| 2022-03-02 | CVE-2022-24305 | Unspecified vulnerability in Zohocorp Manageengine Sharepoint Manager Plus Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | 9.8 |
| 2022-03-02 | CVE-2022-24306 | Incorrect Authorization vulnerability in Zohocorp Manageengine Sharepoint Manager Plus Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | 9.8 |