Zohocorp: Security Vulnerabilities
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-04-05
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
CVSS Score
5.3
EPSS Score
0.029
Published
2022-04-05
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
CVSS Score
5.4
EPSS Score
0.133
Published
2022-04-05
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
CVSS Score
9.8
EPSS Score
0.942
Published
2022-04-05
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
CVSS Score
5.3
EPSS Score
0.792
Published
2022-03-02
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
CVSS Score
9.8
EPSS Score
0.131
Published
2022-03-02
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.
CVSS Score
9.8
EPSS Score
0.056
Published
2022-03-02
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
CVSS Score
6.5
EPSS Score
0.005
Published
2022-03-02
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
CVSS Score
4.3
EPSS Score
0.02
Published
2022-03-01
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
CVSS Score
6.5
EPSS Score
0.03
Published
2022-01-28