Filtered by vendor Zohocorp
Subscriptions
Filtered by product Manageengine Applications Manager
Subscriptions
Total
52 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15533 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-04 | 9.8 Critical |
| In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | ||||
| CVE-2020-15521 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-04 | 6.1 Medium |
| Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) . | ||||
| CVE-2020-15394 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-04 | 9.8 Critical |
| The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. | ||||
| CVE-2020-14008 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-04 | 7.2 High |
| Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. | ||||
| CVE-2020-10816 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-04 | 7.5 High |
| Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. | ||||
| CVE-2021-35512 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-04 | 6.5 Medium |
| An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | ||||
| CVE-2021-31813 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-03 | 5.4 Medium |
| Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | ||||
| CVE-2022-23050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-03 | 7.2 High |
| ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | ||||
| CVE-2023-38333 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-02 | 6.1 Medium |
| Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | ||||
| CVE-2023-29442 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-02 | 6.1 Medium |
| Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | ||||
| CVE-2023-28341 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-02 | 6.1 Medium |
| Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. | ||||
| CVE-2023-28340 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-02 | 6.5 Medium |
| Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | ||||