CVEdetails.com the ultimate security vulnerability data source

Zohocorp : Security Vulnerabilities (CVSS score between 7 and 7.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2022-29535 89 Sql 2022-05-05 2022-05-17
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager through 125588 allows SQL Injection via a few default reports.
2 CVE-2022-29081 863 Bypass 2022-04-28 2022-05-10
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few REST API URLs (for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize) via the ../RestAPI substring.
3 CVE-2022-28810 78 Exec Code 2022-04-18 2022-04-26
7.1
None Remote High ??? Complete Complete Complete
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
4 CVE-2022-28219 611 Exec Code 2022-04-05 2022-04-12
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
5 CVE-2022-24306 863 2022-03-02 2022-03-09
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.
6 CVE-2022-24305 269 2022-03-02 2022-03-09
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
7 CVE-2021-44676 668 2021-12-20 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
8 CVE-2021-44675 287 Exec Code Bypass 2021-12-20 2022-01-03
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
9 CVE-2021-44525 668 Bypass 2021-12-20 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
10 CVE-2021-44514 287 2021-12-09 2021-12-15
7.5
None Remote Low Not required Partial Partial Partial
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
11 CVE-2021-44077 287 Exec Code 2021-11-29 2022-03-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
12 CVE-2021-43319 77 2021-11-30 2022-04-06
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
13 CVE-2021-42847 2021-11-11 2022-04-27
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
14 CVE-2021-42099 434 Exec Code 2021-11-30 2021-12-06
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
15 CVE-2021-42002 863 Exec Code Bypass 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
16 CVE-2021-41833 434 Exec Code 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
17 CVE-2021-41288 89 Sql 2021-09-30 2021-10-07
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
18 CVE-2021-41081 89 Sql 2021-11-11 2022-05-16
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.
19 CVE-2021-41080 89 Sql 2021-11-11 2022-05-16
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.
20 CVE-2021-41075 89 Sql 2021-10-13 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API.
21 CVE-2021-40539 287 Exec Code Bypass 2021-09-07 2021-11-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
22 CVE-2021-40493 89 Sql 2021-10-13 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
23 CVE-2021-40177 Exec Code 2021-08-29 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
24 CVE-2021-40175 434 Exec Code 2021-08-29 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
25 CVE-2021-38298 611 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
26 CVE-2021-37931 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
27 CVE-2021-37930 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
28 CVE-2021-37929 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
29 CVE-2021-37928 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
30 CVE-2021-37927 287 2021-09-22 2022-03-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
31 CVE-2021-37926 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
32 CVE-2021-37925 78 2021-09-22 2021-09-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
33 CVE-2021-37924 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
34 CVE-2021-37923 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
35 CVE-2021-37921 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
36 CVE-2021-37920 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
37 CVE-2021-37919 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
38 CVE-2021-37918 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
39 CVE-2021-37762 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
40 CVE-2021-37761 434 Exec Code 2021-09-27 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
41 CVE-2021-37539 434 Exec Code 2021-09-27 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file upload, which leads to remote code execution.
42 CVE-2021-37424 269 2021-09-21 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
43 CVE-2021-37423 2021-09-10 2021-09-17
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
44 CVE-2021-37422 89 Sql 2021-09-10 2021-09-17
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
45 CVE-2021-37421 863 Bypass 2021-08-30 2021-09-16
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
46 CVE-2021-37415 287 Bypass 2021-09-01 2021-12-02
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication.
47 CVE-2021-33911 Exec Code 2021-07-17 2022-05-03
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
48 CVE-2021-31531 918 2021-06-29 2021-07-02
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
49 CVE-2021-28959 22 Exec Code Dir. Trav. 2021-04-30 2021-05-11
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
50 CVE-2021-28958 287 Exec Code 2021-06-25 2021-09-21
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
Total number of vulnerabilities: 110. Page 1 of 3 (this page).