Vulnerabilities > Zohocorp > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-16 CVE-2022-26653 Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).
network
low complexity
zohocorp CWE-425
5.3
5.3
2022-04-16 CVE-2022-26777 Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
network
low complexity
zohocorp CWE-425
5.3
5.3
2022-04-07 CVE-2022-24681 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
network
low complexity
zohocorp CWE-79
6.1
6.1
2022-04-05 CVE-2022-25245 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
network
low complexity
zohocorp CWE-306
5.3
5.3
2022-04-05 CVE-2022-25373 Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
network
low complexity
zohocorp CWE-79
5.4
5.4
2022-03-02 CVE-2022-23779 Information Exposure vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone.
network
low complexity
zohocorp CWE-200
5.3
5.3
2022-03-02 CVE-2022-24447 Unspecified vulnerability in Zohocorp Manageengine KEY Manager Plus 5.6/6.0/6.1
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200.
network
low complexity
zohocorp
6.5
6.5
2022-03-01 CVE-2022-24446 Unspecified vulnerability in Zohocorp Manageengine KEY Manager Plus 6.1.6
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6.
network
low complexity
zohocorp
4.3
4.3
2022-01-28 CVE-2022-23863 Unspecified vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
network
low complexity
zohocorp
6.5
6.5
2022-01-27 CVE-2021-46065 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 11.3
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
network
low complexity
zohocorp CWE-79
4.8
4.8