Vulnerabilities > Zohocorp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-30 | CVE-2021-42099 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine M365 Manager Plus Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | 7.5 |
| 2021-11-30 | CVE-2021-43319 | Command Injection vulnerability in Zohocorp Manageengine Network Configuration Manager Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | 7.5 |
| 2021-11-17 | CVE-2021-42955 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. | 7.2 |
| 2021-11-11 | CVE-2021-41833 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Patch Connect Plus 9.0.0 Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. | 7.5 |
| 2021-11-11 | CVE-2021-42002 | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | 7.5 |
| 2021-11-03 | CVE-2020-24743 | Unspecified vulnerability in Zohocorp Manageengine Applications Manager An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | 7.5 |
| 2021-11-01 | CVE-2021-20136 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Log360 ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. | 7.5 |
| 2021-10-13 | CVE-2021-40493 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. | 7.5 |
| 2021-10-13 | CVE-2021-41075 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. | 7.5 |
| 2021-10-07 | CVE-2021-38298 | XXE vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. | 7.5 |