Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2022-28810
Known exploited
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
CVSS Score
6.8
EPSS Score
0.916
Published
2022-04-18
CVE-2022-26653
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).
CVSS Score
5.3
EPSS Score
0.021
Published
2022-04-16
CVE-2022-26777
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
CVSS Score
5.3
EPSS Score
0.021
Published
2022-04-16
CVE-2022-24681
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
CVSS Score
6.1
EPSS Score
0.2
Published
2022-04-07
CVE-2022-24978
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-04-05
CVE-2022-25245
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
CVSS Score
5.3
EPSS Score
0.027
Published
2022-04-05
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
CVSS Score
5.4
EPSS Score
0.046
Published
2022-04-05
CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
CVSS Score
9.8
EPSS Score
0.942
Published
2022-04-05
CVE-2022-23779
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
CVSS Score
5.3
EPSS Score
0.709
Published
2022-03-02
CVE-2022-24305
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
CVSS Score
9.8
EPSS Score
0.131
Published
2022-03-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved