Zohocorp: >> Manageengine Applications Manager Security Vulnerabilities
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
CVSS Score
8.8
EPSS Score
0.029
Published
2022-01-10
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
CVSS Score
9.8
EPSS Score
0.212
Published
2021-11-03
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
CVSS Score
6.5
EPSS Score
0.014
Published
2021-10-21
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
CVSS Score
5.4
EPSS Score
0.246
Published
2021-07-01
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
CVSS Score
8.8
EPSS Score
0.013
Published
2021-02-05
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
CVSS Score
8.8
EPSS Score
0.044
Published
2021-01-19
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.
CVSS Score
9.8
EPSS Score
0.359
Published
2020-10-29
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.
CVSS Score
7.5
EPSS Score
0.25
Published
2020-10-08
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.
CVSS Score
8.8
EPSS Score
0.013
Published
2020-10-06
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.
CVSS Score
8.8
EPSS Score
0.013
Published
2020-10-06