Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-14 | CVE-2019-15083 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.0.0 Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. | 6.1 |
| 2020-05-05 | CVE-2020-10859 | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. | 6.5 |
| 2020-03-23 | CVE-2020-8838 | Improper Validation of Integrity Check Value vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. | 6.4 |
| 2020-03-23 | CVE-2019-15510 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0 ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. | 6.1 |
| 2020-03-13 | CVE-2019-19799 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | 5.3 |
| 2020-03-09 | CVE-2016-1159 | Information Exposure vulnerability in Zohocorp Manageengine Password Manager PRO 8.3/8.4 In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | 6.5 |
| 2020-02-17 | CVE-2019-20474 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.447 An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. | 4.3 |
| 2020-02-06 | CVE-2019-19800 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Applications Manager 14.0 Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet. | 5.3 |
| 2020-01-31 | CVE-2020-8422 | Unspecified vulnerability in Zohocorp Manageengine Remote Access Plus An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. | 4.3 |
| 2020-01-23 | CVE-2020-6843 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. | 4.8 |