| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. |
| Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. |
| Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account. |
| Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc. |
| Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. |
| Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. |
| Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. |
| Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. |
| Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. |
| Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. |
| Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive. |
| Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. |
| Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. |
| Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. |
| The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. |
| Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. |
| Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. |
| Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. |
| Zoho ManageEngine Log360 before Build 5225 allows stored XSS. |
| Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. |
