Zohocorp: Security Vulnerabilities
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
CVSS Score: 7.5; EPSS Score: 0.054; Published: 2019-08-14
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2019-08-08
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.
CVSS Score: 9.1; EPSS Score: 0.036; Published: 2019-08-08
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score: 8.5; EPSS Score: 0.007; Published: 2019-08-08
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
CVSS Score: 7.3; EPSS Score: 0.001; Published: 2019-07-17
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
CVSS Score: 6.1; EPSS Score: 0.019; Published: 2019-07-11
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
CVSS Score: 6.1; EPSS Score: 0.059; Published: 2019-07-11
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
CVSS Score: 6.1; EPSS Score: 0.051; Published: 2019-07-11
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.
CVSS Score: 6.1; EPSS Score: 0.019; Published: 2019-07-11
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType.
CVSS Score: 6.1; EPSS Score: 0.019; Published: 2019-07-11

