Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2021-31531
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
CVSS Score
9.8
EPSS Score
0.056
Published
2021-06-29
CVE-2021-28958
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
CVSS Score
9.8
EPSS Score
0.575
Published
2021-06-25
CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
CVSS Score
5.3
EPSS Score
0.237
Published
2021-06-16
CVE-2021-31857
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.
CVSS Score
5.9
EPSS Score
0.005
Published
2021-06-16
CVE-2021-20081
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
CVSS Score
7.2
EPSS Score
0.645
Published
2021-06-10
CVE-2021-28382
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.
CVSS Score
5.4
EPSS Score
0.195
Published
2021-06-07
CVE-2021-27956
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.
CVSS Score
6.1
EPSS Score
0.015
Published
2021-05-20
CVE-2021-28959
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.241
Published
2021-04-30
CVE-2021-3287
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
CVSS Score
9.8
EPSS Score
0.885
Published
2021-04-22
CVE-2021-20080
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
CVSS Score
6.1
EPSS Score
0.252
Published
2021-04-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved