Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
CVSS Score
5.4
EPSS Score
0.249
Published
2022-04-05
CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
CVSS Score
9.8
EPSS Score
0.94
Published
2022-04-05
CVE-2022-23779
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
CVSS Score
5.3
EPSS Score
0.467
Published
2022-03-02
CVE-2022-24305
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
CVSS Score
9.8
EPSS Score
0.131
Published
2022-03-02
CVE-2022-24306
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.
CVSS Score
9.8
EPSS Score
0.056
Published
2022-03-02
CVE-2022-24447
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
CVSS Score
6.5
EPSS Score
0.005
Published
2022-03-02
CVE-2022-24446
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
CVSS Score
4.3
EPSS Score
0.02
Published
2022-03-01
CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
CVSS Score
6.5
EPSS Score
0.03
Published
2022-01-28
CVE-2021-46065
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
CVSS Score
4.8
EPSS Score
0.204
Published
2022-01-27
CVE-2021-44757
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.
CVSS Score
9.1
EPSS Score
0.386
Published
2022-01-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved