Vulnerabilities > Zohocorp > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-28 | CVE-2022-29081 | Path Traversal vulnerability in Zohocorp products Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. | 9.8 |
2022-04-05 | CVE-2022-28219 | XXE vulnerability in Zohocorp Manageengine Adaudit Plus Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | 9.8 |
2022-03-02 | CVE-2022-24305 | Unspecified vulnerability in Zohocorp Manageengine Sharepoint Manager Plus Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | 9.8 |
2021-12-20 | CVE-2021-44525 | Improper Authentication vulnerability in Zohocorp Manageengine Pam360 Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | 9.8 |
2021-12-20 | CVE-2021-44676 | Improper Authentication vulnerability in Zohocorp Manageengine Access Manager Plus 4.1/4.2 Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | 9.8 |
2021-12-12 | CVE-2021-44515 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. | 10.0 |
2021-11-29 | CVE-2021-44077 | Missing Authentication for Critical Function vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. | 9.8 |
2021-11-11 | CVE-2021-41080 | SQL Injection vulnerability in Zohocorp Manageengine Network Configuration Manager 12.4/12.5 Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search. | 9.8 |
2021-11-11 | CVE-2021-41081 | SQL Injection vulnerability in Zohocorp Manageengine Network Configuration Manager 12.4/12.5 Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search. | 9.8 |
2021-11-11 | CVE-2021-42847 | Unspecified vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. | 9.8 |