Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2020-24743
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
CVSS Score
9.8
EPSS Score
0.212
Published
2021-11-03
CVE-2021-20136
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.
CVSS Score
9.8
EPSS Score
0.314
Published
2021-11-01
CVE-2021-35512
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
CVSS Score
6.5
EPSS Score
0.014
Published
2021-10-21
CVE-2021-40493
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
CVSS Score
9.8
EPSS Score
0.388
Published
2021-10-13
CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
CVSS Score
9.8
EPSS Score
0.264
Published
2021-10-13
CVE-2021-20130
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
CVSS Score
8.8
EPSS Score
0.484
Published
2021-10-13
CVE-2021-20131
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.
CVSS Score
8.8
EPSS Score
0.484
Published
2021-10-13
CVE-2021-38298
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
CVSS Score
9.8
EPSS Score
0.056
Published
2021-10-07
CVE-2021-37762
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-37918
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.441
Published
2021-10-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved