Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2024-27312
Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.
CVSS Score
8.1
EPSS Score
0.003
Published
2024-05-20
CVE-2024-21775
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
CVSS Score
8.3
EPSS Score
0.007
Published
2024-02-16
CVE-2024-0253
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
CVSS Score
8.3
EPSS Score
0.007
Published
2024-02-02
CVE-2024-0269
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.
CVSS Score
8.3
EPSS Score
0.007
Published
2024-02-02
CVE-2023-48792
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
CVSS Score
9.8
EPSS Score
0.086
Published
2024-02-02
CVE-2023-48793
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
CVSS Score
9.8
EPSS Score
0.086
Published
2024-02-02
CVE-2023-50785
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.
CVSS Score
2.7
EPSS Score
0.005
Published
2024-01-25
CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.
CVSS Score
5.4
EPSS Score
0.008
Published
2024-01-18
CVE-2024-0252
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
CVSS Score
8.8
EPSS Score
0.291
Published
2024-01-11
CVE-2023-47211
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.761
Published
2024-01-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved