Zohocorp: Security Vulnerabilities
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
CVSS Score
9.8
EPSS Score
0.136
Published
2021-09-21
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
CVSS Score
8.8
EPSS Score
0.054
Published
2021-09-21
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
CVSS Score
9.8
EPSS Score
0.264
Published
2021-09-10
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
CVSS Score
9.8
EPSS Score
0.212
Published
2021-09-10
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.
CVSS Score
7.5
EPSS Score
0.022
Published
2021-09-10
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2021-09-07
CVE-2021-37415
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
Known exploited
CVSS Score
9.8
EPSS Score
0.924
Published
2021-09-01
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
CVSS Score
9.8
EPSS Score
0.186
Published
2021-08-30
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
CVSS Score
9.8
EPSS Score
0.089
Published
2021-08-30
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
CVSS Score
9.8
EPSS Score
0.218
Published
2021-08-30