Zohocorp: Security Vulnerabilities
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
CVSS Score
9.8
EPSS Score
0.06
Published
2021-12-09
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
CVSS Score
6.1
EPSS Score
0.051
Published
2021-11-30
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVSS Score
7.5
EPSS Score
0.075
Published
2021-11-30
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
CVSS Score
9.8
EPSS Score
0.742
Published
2021-11-30
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
CVSS Score
9.8
EPSS Score
0.224
Published
2021-11-30
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
CVSS Score
6.1
EPSS Score
0.051
Published
2021-11-30
CVE-2021-44077
Known exploited
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
CVSS Score
9.8
EPSS Score
0.942
Published
2021-11-29
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory has weak file permissions that allow full control for the Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-11-17
Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.
CVSS Score
7.3
EPSS Score
0.001
Published
2021-11-17
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.
CVSS Score
9.8
EPSS Score
0.223
Published
2021-11-11

