Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  >> Manageengine Opmanager  >> 12.5  Security Vulnerabilities
CVE-2022-27908
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
CVSS Score
8.8
EPSS Score
0.042
Published
2022-04-18
CVE-2021-44514
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
CVSS Score
9.8
EPSS Score
0.06
Published
2021-12-09
CVE-2021-40493
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
CVSS Score
9.8
EPSS Score
0.275
Published
2021-10-13
CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
CVSS Score
9.8
EPSS Score
0.364
Published
2021-10-13
CVE-2021-41288
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
CVSS Score
9.8
EPSS Score
0.222
Published
2021-09-30
CVE-2021-3287
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
CVSS Score
9.8
EPSS Score
0.711
Published
2021-04-22
CVE-2021-20078
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.
CVSS Score
9.1
EPSS Score
0.441
Published
2021-04-01
CVE-2020-28653
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
CVSS Score
9.8
EPSS Score
0.818
Published
2021-02-03
CVE-2020-13818
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
CVSS Score
7.5
EPSS Score
0.766
Published
2020-06-04
CVE-2020-12116
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
CVSS Score
7.5
EPSS Score
0.905
Published
2020-05-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved