Vulnerabilities > Zohocorp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-12 | CVE-2022-40773 | Improper Input Validation vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. | 8.8 |
| 2022-11-12 | CVE-2022-41339 | Unspecified vulnerability in Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4 In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. | 7.8 |
| 2022-07-18 | CVE-2022-35404 | Improper Input Validation vulnerability in Zohocorp products ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | 8.2 |
| 2022-05-24 | CVE-2022-23050 | Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | 7.2 |
| 2022-05-05 | CVE-2022-29535 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | 7.5 |
| 2022-04-18 | CVE-2022-29457 | Insufficiently Protected Credentials vulnerability in Zohocorp products Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | 8.8 |
| 2022-04-05 | CVE-2022-24978 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. | 8.8 |
| 2022-03-02 | CVE-2022-24306 | Incorrect Authorization vulnerability in Zohocorp Manageengine Sharepoint Manager Plus Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | 7.5 |
| 2021-12-20 | CVE-2021-44675 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5 Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | 7.5 |
| 2021-12-09 | CVE-2021-44514 | Improper Authentication vulnerability in Zohocorp Manageengine Opmanager 12.5 OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | 7.5 |