Vulnerabilities > Zohocorp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-17 | CVE-2021-42954 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. | 7.8 |
| 2021-11-17 | CVE-2021-42955 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. | 7.8 |
| 2021-10-13 | CVE-2021-20130 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. | 8.8 |
| 2021-10-13 | CVE-2021-20131 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. | 8.8 |
| 2021-09-30 | CVE-2021-41827 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. | 7.5 |
| 2021-09-30 | CVE-2021-41828 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. | 7.5 |
| 2021-09-30 | CVE-2021-41829 | Use of Insufficiently Random Values vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. | 7.5 |
| 2021-09-21 | CVE-2021-37419 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Admanager Plus 6.1 Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | 7.5 |
| 2021-09-21 | CVE-2021-37741 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. | 8.8 |
| 2021-09-10 | CVE-2021-37414 | Improper Authentication vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. | 7.5 |