Zohocorp: Security Vulnerabilities
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.
CVSS Score
8.1
EPSS Score
0.078
Published
2025-05-14
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-03-21
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug.
CVSS Score
8.1
EPSS Score
0.003
Published
2025-03-03
ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.
CVSS Score
3.5
EPSS Score
0.001
Published
2025-02-05
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-01-29
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.
CVSS Score
8.1
EPSS Score
0.007
Published
2024-11-27
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-11-18
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
CVSS Score
8.5
EPSS Score
0.002
Published
2024-11-08
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
CVSS Score
8.8
EPSS Score
0.052
Published
2024-11-08
Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.
CVSS Score
7.0
EPSS Score
0.001
Published
2024-11-07