Vulnerabilities > Zohocorp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-25 | CVE-2021-28958 | OS Command Injection vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. | 9.8 |
| 2021-04-30 | CVE-2021-28959 | Path Traversal vulnerability in Zohocorp Manageengine Eventlog Analyzer Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. | 9.8 |
| 2021-04-22 | CVE-2021-3287 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | 9.8 |
| 2021-04-01 | CVE-2021-20078 | Path Traversal vulnerability in Zohocorp Manageengine Opmanager Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. | 9.1 |
| 2021-03-05 | CVE-2020-28050 | Improper Authentication vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. | 9.1 |
| 2021-03-05 | CVE-2020-29658 | Unspecified vulnerability in Zohocorp Manageengine Applications Control Plus Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation. | 9.8 |
| 2021-02-03 | CVE-2020-28653 | Unspecified vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | 9.8 |
| 2020-10-29 | CVE-2020-27995 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0 SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | 9.8 |
| 2020-10-01 | CVE-2020-15533 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | 9.8 |
| 2020-09-30 | CVE-2018-5353 | Authentication Bypass by Spoofing vulnerability in Zohocorp Manageengine Adselfservice Plus The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. | 9.8 |