Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
CVSS Score
7.2
EPSS Score
0.659
Published
2022-11-23
CVE-2022-42904
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
CVSS Score
7.2
EPSS Score
0.794
Published
2022-11-18
CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
CVSS Score
3.3
EPSS Score
0.001
Published
2022-11-17
CVE-2022-43671
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
CVSS Score
9.8
EPSS Score
0.52
Published
2022-11-12
CVE-2022-43672
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
CVSS Score
9.8
EPSS Score
0.456
Published
2022-11-12
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
CVSS Score
8.8
EPSS Score
0.007
Published
2022-11-12
CVE-2022-41339
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-11-12
CVE-2022-41978
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.
CVSS Score
8.8
EPSS Score
0.045
Published
2022-11-09
CVE-2022-40300
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
CVSS Score
9.8
EPSS Score
0.382
Published
2022-09-16
CVE-2022-38772
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
CVSS Score
8.8
EPSS Score
0.391
Published
2022-08-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved