Vulnerabilities > Zohocorp > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-18 CVE-2024-49574 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
network
low complexity
zohocorp CWE-89
8.8
2024-11-08 CVE-2024-10839 XXE vulnerability in Zohocorp Manageengine Sharepoint Manager Plus
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
network
low complexity
zohocorp CWE-611
8.1
2024-11-08 CVE-2024-24409 Unspecified vulnerability in Zohocorp Manageengine Admanager Plus
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
network
low complexity
zohocorp
8.8
2024-11-05 CVE-2024-9459 SQL Injection vulnerability in Zohocorp Manageengine Exchange Reporter Plus
Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
network
low complexity
zohocorp CWE-89
8.8
2024-11-04 CVE-2024-36485 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
network
low complexity
zohocorp CWE-89
8.8
2024-11-04 CVE-2024-48878 SQL Injection vulnerability in Zohocorp Manageengine Admanager Plus
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
network
low complexity
zohocorp CWE-89
8.8
2024-10-24 CVE-2024-5608 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
network
low complexity
zohocorp CWE-89
8.1
2024-08-30 CVE-2024-38868 Incorrect Authorization vulnerability in Zohocorp Manageengine Endpoint Central
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15
network
low complexity
zohocorp CWE-863
8.3
2024-08-30 CVE-2024-6204 SQL Injection vulnerability in Zohocorp Manageengine Exchange Reporter Plus
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
network
low complexity
zohocorp CWE-89
8.1
2024-08-28 CVE-2024-5546 SQL Injection vulnerability in Zohocorp Manageengine Pam360
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.
network
low complexity
zohocorp CWE-89
8.8