Vulnerabilities > Zohocorp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-40539 | Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | 9.8 |
| 2021-09-01 | CVE-2021-37415 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. | 9.8 |
| 2021-08-30 | CVE-2021-33055 | OS Command Injection vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. | 10.0 |
| 2021-07-19 | CVE-2021-20110 | Improper Certificate Validation vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. | 10.0 |
| 2021-06-10 | CVE-2021-20081 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. | 9.0 |
| 2021-04-01 | CVE-2021-20078 | Path Traversal vulnerability in Zohocorp Manageengine Opmanager Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. | 9.4 |
| 2020-10-02 | CVE-2020-24397 | Integer Overflow or Wraparound vulnerability in Zohocorp Manageengine Desktop Central 10.0.0 An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. | 9.0 |
| 2020-08-31 | CVE-2020-24786 | Improper Authentication vulnerability in Zohocorp products An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. | 9.8 |
| 2020-08-11 | CVE-2020-11552 | Improper Privilege Management vulnerability in Zohocorp Manageengine Adselfservice Plus An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. | 10.0 |
| 2020-05-08 | CVE-2020-11532 | Improper Authentication vulnerability in Zohocorp products Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. | 10.0 |