Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-4767 | Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-11-03 | CVE-2023-4768 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-09-27 | CVE-2023-41904 | Improper Authentication vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. | 5.4 |
| 2023-09-06 | CVE-2023-35719 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. low complexity zohocorp | 6.8 |
| 2023-08-31 | CVE-2023-39912 | Path Traversal vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. | 4.9 |
| 2023-08-17 | CVE-2023-31492 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | 6.5 |
| 2023-08-11 | CVE-2020-27449 | Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO 11.1 Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | 6.1 |
| 2023-08-10 | CVE-2023-38333 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | 6.1 |
| 2023-08-04 | CVE-2023-38332 | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure. | 6.5 |
| 2023-07-28 | CVE-2023-38331 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module. | 5.4 |