High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-21	CVE-2019-7161	Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. network low complexity zohocorp CWE-798	7.5
2018-12-13	CVE-2018-19118	Out-of-bounds Write vulnerability in Zohocorp Manageengine Adaudit Plus 4.1.0/4.5.0/5.0.0 Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. network low complexity zohocorp CWE-787	7.5
2018-11-06	CVE-2018-18980	XXE vulnerability in Zohocorp Manageengine Network Configuration Manager An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. network low complexity zohocorp CWE-611	7.5
2018-09-26	CVE-2018-16364	Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager 13.7 A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. network high complexity zohocorp CWE-502	8.1
2018-09-21	CVE-2018-17283	SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. network low complexity zohocorp CWE-89	7.5
2018-09-12	CVE-2018-13412	Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. local low complexity zohocorp CWE-732	7.8
2018-09-12	CVE-2018-13411	Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. network low complexity zohocorp CWE-732	8.8
2018-07-13	CVE-2016-9489	Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0 In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. network low complexity zohocorp CWE-264	8.8
2018-06-29	CVE-2018-12999	Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central 10.0.255 Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. network low complexity zohocorp CWE-20	7.5
2018-06-29	CVE-2018-12997	Information Exposure vulnerability in Zohocorp products Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. network low complexity zohocorp CWE-200	7.5