Zohocorp: Security Vulnerabilities
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
CVSS Score
7.5
EPSS Score
0.1
Published
2021-06-29
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
CVSS Score
7.5
EPSS Score
0.045
Published
2021-06-29
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
CVSS Score
9.8
EPSS Score
0.056
Published
2021-06-29
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
CVSS Score
9.8
EPSS Score
0.553
Published
2021-06-25
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
CVSS Score
5.3
EPSS Score
0.22
Published
2021-06-16
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.
CVSS Score
5.9
EPSS Score
0.005
Published
2021-06-16
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
CVSS Score
7.2
EPSS Score
0.567
Published
2021-06-10
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.
CVSS Score
5.4
EPSS Score
0.18
Published
2021-06-07
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-05-20
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.241
Published
2021-04-30