Vulnerabilities > Zohocorp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-40539 | Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | 9.8 |
| 2021-09-01 | CVE-2021-37415 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. | 9.8 |
| 2021-08-30 | CVE-2021-33055 | OS Command Injection vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. | 9.8 |
| 2021-08-30 | CVE-2021-37417 | Improper Authentication vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. | 9.8 |
| 2021-08-30 | CVE-2021-37421 | Insufficient Verification of Data Authenticity vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. | 9.8 |
| 2021-08-29 | CVE-2021-40175 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | 9.8 |
| 2021-08-29 | CVE-2021-40177 | Unspecified vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | 9.8 |
| 2021-07-19 | CVE-2021-20110 | Integer Overflow or Wraparound vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. | 9.8 |
| 2021-07-17 | CVE-2021-33911 | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | 9.8 |
| 2021-06-29 | CVE-2021-31531 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5 Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). | 9.8 |