Zohocorp: >> Manageengine Applications Manager Security Vulnerabilities
Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
CVSS Score
4.7
EPSS Score
0.003
Published
2024-08-01
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
CVSS Score
6.1
EPSS Score
0.069
Published
2023-08-10
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
CVSS Score
6.1
EPSS Score
0.069
Published
2023-04-26
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
CVSS Score
6.5
EPSS Score
0.006
Published
2023-04-11
Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.
CVSS Score
6.1
EPSS Score
0.864
Published
2023-04-11
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
CVSS Score
7.2
EPSS Score
0.274
Published
2022-05-24
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
CVSS Score
8.8
EPSS Score
0.047
Published
2022-01-10
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
CVSS Score
9.8
EPSS Score
0.212
Published
2021-11-03
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
CVSS Score
6.5
EPSS Score
0.014
Published
2021-10-21
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
CVSS Score
5.4
EPSS Score
0.291
Published
2021-07-01
Page 1