Zohocorp: Security Vulnerabilities
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
CVSS Score
6.5
EPSS Score
0.014
Published
2021-10-21
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
CVSS Score
9.8
EPSS Score
0.388
Published
2021-10-13
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
CVSS Score
9.8
EPSS Score
0.264
Published
2021-10-13
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
CVSS Score
8.8
EPSS Score
0.484
Published
2021-10-13
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.
CVSS Score
8.8
EPSS Score
0.484
Published
2021-10-13
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
CVSS Score
9.8
EPSS Score
0.056
Published
2021-10-07
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.441
Published
2021-10-07
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07