Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2021-41081
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.
CVSS Score
9.8
EPSS Score
0.36
Published
2021-11-11
CVE-2021-41833
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
CVSS Score
9.8
EPSS Score
0.273
Published
2021-11-11
CVE-2021-42002
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
CVSS Score
9.8
EPSS Score
0.121
Published
2021-11-11
CVE-2021-42847
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
CVSS Score
9.8
EPSS Score
0.871
Published
2021-11-11
CVE-2020-24743
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
CVSS Score
9.8
EPSS Score
0.212
Published
2021-11-03
CVE-2021-20136
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.
CVSS Score
9.8
EPSS Score
0.314
Published
2021-11-01
CVE-2021-35512
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
CVSS Score
6.5
EPSS Score
0.014
Published
2021-10-21
CVE-2021-40493
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
CVSS Score
9.8
EPSS Score
0.275
Published
2021-10-13
CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
CVSS Score
9.8
EPSS Score
0.364
Published
2021-10-13
CVE-2021-20130
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
CVSS Score
8.8
EPSS Score
0.484
Published
2021-10-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved