Vulnerabilities > Zohocorp > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-16 CVE-2019-15106 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Opmanager
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310.
network
low complexity
zohocorp CWE-306
7.5
7.5
2019-07-17 CVE-2019-12876 Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
network
zohocorp CWE-732
8.5
8.5
2019-06-18 CVE-2019-12133 Uncontrolled Search Path Element vulnerability in Zohocorp products
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders.
local
low complexity
zohocorp CWE-427
7.2
7.2
2019-06-17 CVE-2019-12476 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zohocorp Manageengine Adselfservice Plus 4.5/5.0
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser.
local
low complexity
zohocorp microsoft CWE-640
7.2
7.2
2019-06-05 CVE-2019-12196 SQL Injection vulnerability in Zohocorp Manageengine Netflow Analyzer 12.3
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter.
network
low complexity
zohocorp CWE-89
7.5
7.5
2019-05-02 CVE-2019-11678 SQL Injection vulnerability in Zohocorp Manageengine Firewall Analyzer
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.
network
low complexity
zohocorp CWE-89
7.5
7.5
2019-05-02 CVE-2019-11677 XXE vulnerability in Zohocorp Manageengine Firewall Analyzer
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.
network
low complexity
zohocorp CWE-611
7.5
7.5
2019-02-17 CVE-2019-8395 Path Traversal vulnerability in Zohocorp Manageengine Servicedesk Plus
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
network
low complexity
zohocorp CWE-22
7.5
7.5
2019-01-03 CVE-2019-3905 Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
network
low complexity
zohocorp CWE-918
7.5
7.5
2019-01-03 CVE-2018-20664 XXE vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
network
low complexity
zohocorp CWE-611
7.5
7.5