Zohocorp: Security Vulnerabilities
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.
CVSS Score: 7.5
EPSS Score: 0.022
Published: 2021-09-10

CVE-2021-40539
Known exploited
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
CVSS Score: 9.8
EPSS Score: 0.944
Published: 2021-09-07

CVE-2021-37415
Known exploited
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
CVSS Score: 9.8
EPSS Score: 0.894
Published: 2021-09-01

Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
CVSS Score: 9.8
EPSS Score: 0.186
Published: 2021-08-30

Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
CVSS Score: 9.8
EPSS Score: 0.089
Published: 2021-08-30

Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
CVSS Score: 9.8
EPSS Score: 0.218
Published: 2021-08-30

Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
CVSS Score: 6.1
EPSS Score: 0.07
Published: 2021-08-30

Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2021-08-29

Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2021-08-29

Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2021-08-29