Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-18 | CVE-2022-28810 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. | 6.8 |
| 2022-04-16 | CVE-2022-26653 | Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | 5.3 |
| 2022-04-16 | CVE-2022-26777 | Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | 5.3 |
| 2022-04-07 | CVE-2022-24681 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | 6.1 |
| 2022-04-05 | CVE-2022-25245 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | 5.3 |
| 2022-04-05 | CVE-2022-25373 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | 5.4 |
| 2022-03-02 | CVE-2022-23779 | Information Exposure vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. | 5.3 |
| 2022-03-02 | CVE-2022-24447 | Unspecified vulnerability in Zohocorp Manageengine KEY Manager Plus 5.6/6.0/6.1 An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. | 6.5 |
| 2022-03-01 | CVE-2022-24446 | Unspecified vulnerability in Zohocorp Manageengine KEY Manager Plus 6.1.6 An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. | 4.3 |
| 2022-01-28 | CVE-2022-23863 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | 6.5 |