Zohocorp: Security Vulnerabilities
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
CVSS Score
9.8
EPSS Score
0.325
Published
2021-09-30
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.
CVSS Score
7.5
EPSS Score
0.061
Published
2021-09-30
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
CVSS Score
7.5
EPSS Score
0.114
Published
2021-09-30
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
CVSS Score
7.5
EPSS Score
0.114
Published
2021-09-30
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-09-27
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
CVSS Score
9.8
EPSS Score
0.382
Published
2021-09-27
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
CVSS Score
9.8
EPSS Score
0.168
Published
2021-09-22
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
CVSS Score
9.8
EPSS Score
0.021
Published
2021-09-22
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
CVSS Score
7.5
EPSS Score
0.077
Published
2021-09-21
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.
CVSS Score
6.5
EPSS Score
0.011
Published
2021-09-21