Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
CVSS Score
3.3
EPSS Score
0.001
Published
2022-11-17
CVE-2022-43671
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
CVSS Score
9.8
EPSS Score
0.52
Published
2022-11-12
CVE-2022-43672
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
CVSS Score
9.8
EPSS Score
0.52
Published
2022-11-12
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
CVSS Score
8.8
EPSS Score
0.009
Published
2022-11-12
CVE-2022-41339
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-11-12
CVE-2022-41978
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.
CVSS Score
8.8
EPSS Score
0.043
Published
2022-11-09
CVE-2022-40300
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
CVSS Score
9.8
EPSS Score
0.535
Published
2022-09-16
CVE-2022-38772
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
CVSS Score
8.8
EPSS Score
0.391
Published
2022-08-29
CVE-2020-21641
Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file.
CVSS Score
7.5
EPSS Score
0.046
Published
2022-08-15
CVE-2020-21642
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.
CVSS Score
9.8
EPSS Score
0.071
Published
2022-08-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved