Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2023-31099
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
CVSS Score
8.8
EPSS Score
0.825
Published
2023-05-04
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-04-26
CVE-2023-29442
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
CVSS Score
6.1
EPSS Score
0.045
Published
2023-04-26
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
CVSS Score
4.9
EPSS Score
0.005
Published
2023-04-26
CVE-2023-29084
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.
CVSS Score
7.2
EPSS Score
0.939
Published
2023-04-13
CVE-2023-28340
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-04-11
CVE-2023-28341
Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.
CVSS Score
6.1
EPSS Score
0.864
Published
2023-04-11
CVE-2023-28342
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
CVSS Score
7.5
EPSS Score
0.854
Published
2023-04-05
CVE-2022-43473
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.
CVSS Score
5.8
EPSS Score
0.017
Published
2023-03-30
CVE-2022-36413
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
CVSS Score
9.1
EPSS Score
0.01
Published
2023-03-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved