Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2020-12116

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
Attacker Value
Unknown

CVE-2020-11527

Disclosure Date: April 04, 2020 (last updated November 27, 2024)
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
Attacker Value
Unknown

CVE-2019-17421

Disclosure Date: November 21, 2019 (last updated November 27, 2024)
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.
Attacker Value
Unknown

CVE-2019-17602

Disclosure Date: October 15, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.