Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-04	CVE-2022-34829	Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. network low complexity zohocorp	5.0
2022-07-02	CVE-2022-32551	Path Traversal vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5/10.6 Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). network low complexity zohocorp CWE-22	5.0
2022-05-20	CVE-2022-28987	Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. network low complexity zohocorp	5.0
2022-04-18	CVE-2022-27908	SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. network low complexity zohocorp CWE-89	6.5
2022-04-18	CVE-2022-28810	Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. network low complexity zohocorp CWE-798	6.8
2022-04-16	CVE-2022-26653	Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). network low complexity zohocorp CWE-425	5.3
2022-04-16	CVE-2022-26777	Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. network low complexity zohocorp CWE-425	5.3
2022-04-07	CVE-2022-24681	Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. network low complexity zohocorp CWE-79	6.1
2022-04-05	CVE-2022-25245	Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. network low complexity zohocorp CWE-306	5.3
2022-04-05	CVE-2022-25373	Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. network low complexity zohocorp CWE-79	5.4