Vulnerabilities > Zohocorp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-12 | CVE-2022-41339 | Unspecified vulnerability in Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4 In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. | 7.8 |
| 2022-08-29 | CVE-2022-38772 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature. | 8.8 |
| 2022-08-15 | CVE-2020-21641 | XXE vulnerability in Zohocorp Manageengine Analytics Plus Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file. | 7.5 |
| 2022-08-10 | CVE-2022-36923 | Improper Handling of Exceptional Conditions vulnerability in Zohocorp products Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. | 7.5 |
| 2022-08-10 | CVE-2022-37024 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. | 8.8 |
| 2022-07-18 | CVE-2022-35404 | Improper Input Validation vulnerability in Zohocorp products ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | 8.2 |
| 2022-07-12 | CVE-2022-35403 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. | 7.5 |
| 2022-07-04 | CVE-2022-34829 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. | 7.5 |
| 2022-07-02 | CVE-2022-32551 | Path Traversal vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5/10.6 Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). | 7.5 |
| 2022-05-24 | CVE-2022-23050 | Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | 7.2 |