Show filters
17 Total Results
Displaying 1-10 of 17
Sort by:
Attacker Value
Unknown

CVE-2020-12116

Disclosure Date: May 07, 2020 (last updated November 27, 2024)
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
3
1
Attacker Value
High

CVE-2021-3287

Disclosure Date: April 22, 2021 (last updated November 28, 2024)
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
High

CVE-2020-28653

Disclosure Date: February 03, 2021 (last updated November 28, 2024)
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
Unknown

CVE-2023-6105

Disclosure Date: November 15, 2023 (last updated February 14, 2025)
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38772

Disclosure Date: August 29, 2022 (last updated October 08, 2023)
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-37024

Disclosure Date: August 10, 2022 (last updated October 08, 2023)
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-36923

Disclosure Date: August 10, 2022 (last updated October 08, 2023)
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-35404

Disclosure Date: July 18, 2022 (last updated October 07, 2023)
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-29535

Disclosure Date: May 05, 2022 (last updated October 07, 2023)
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-27908

Disclosure Date: April 18, 2022 (last updated October 07, 2023)
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  Next >