Zohocorp: Security Vulnerabilities
Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
CVSS Score: 6.1
EPSS Score: 0.07
Published: 2021-08-30
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2021-08-29
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2021-08-29
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2021-08-29
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
CVSS Score: 9.8
EPSS Score: 0.093
Published: 2021-08-29
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
CVSS Score: 6.1
EPSS Score: 0.039
Published: 2021-08-29
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
CVSS Score: 9.8
EPSS Score: 0.068
Published: 2021-08-29
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
CVSS Score: 6.1
EPSS Score: 0.039
Published: 2021-08-29
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Report" as a CSV file. Note: The vendor disputes this vulnerability, claiming "This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side."
CVSS Score: 8.8
EPSS Score: 0.163
Published: 2021-08-09
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.
CVSS Score: 5.3
EPSS Score: 0.005
Published: 2021-07-31