Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2021-44525
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-12-20
CVE-2021-44675
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
CVSS Score
9.8
EPSS Score
0.019
Published
2021-12-20
CVE-2021-44676
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
CVSS Score
9.8
EPSS Score
0.077
Published
2021-12-20
CVE-2021-44515
Known exploited
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
CVSS Score
9.8
EPSS Score
0.943
Published
2021-12-12
CVE-2021-44514
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
CVSS Score
9.8
EPSS Score
0.06
Published
2021-12-09
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
CVSS Score
6.1
EPSS Score
0.051
Published
2021-11-30
CVE-2021-43296
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVSS Score
7.5
EPSS Score
0.075
Published
2021-11-30
CVE-2021-43319
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
CVSS Score
9.8
EPSS Score
0.738
Published
2021-11-30
CVE-2021-42099
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
CVSS Score
9.8
EPSS Score
0.224
Published
2021-11-30
CVE-2021-43294
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
CVSS Score
6.1
EPSS Score
0.051
Published
2021-11-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved