Zohocorp: Security Vulnerabilities
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.
CVSS Score: 9.1, EPSS Score: 0.016, Published: 2021-03-05
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.
CVSS Score: 9.8, EPSS Score: 0.15, Published: 2021-03-05
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
CVSS Score: 6.1, EPSS Score: 0.105, Published: 2021-02-19
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
CVSS Score: 8.8, EPSS Score: 0.013, Published: 2021-02-05
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
CVSS Score: 4.8, EPSS Score: 0.136, Published: 2021-02-03
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
CVSS Score: 9.8, EPSS Score: 0.815, Published: 2021-02-03
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
CVSS Score: 8.8, EPSS Score: 0.004, Published: 2021-01-19
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
CVSS Score: 5.4, EPSS Score: 0.022, Published: 2021-01-06
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.
CVSS Score: 9.8, EPSS Score: 0.301, Published: 2020-10-29
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.
CVSS Score: 7.5, EPSS Score: 0.306, Published: 2020-10-08