Zohocorp: Security Vulnerabilities
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.
CVSS Score
8.3
EPSS Score
0.01
Published
2024-08-12
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.
CVSS Score
8.3
EPSS Score
0.012
Published
2024-08-12
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
CVSS Score
8.3
EPSS Score
0.012
Published
2024-08-12
Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
CVSS Score
4.7
EPSS Score
0.016
Published
2024-08-01
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
CVSS Score
8.3
EPSS Score
0.012
Published
2024-07-26
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
CVSS Score
8.3
EPSS Score
0.012
Published
2024-07-26
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.
CVSS Score
8.8
EPSS Score
0.072
Published
2024-07-17
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
CVSS Score
5.5
EPSS Score
0.004
Published
2024-07-17
Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.
CVSS Score
6.3
EPSS Score
0.01
Published
2024-05-29
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.
CVSS Score
4.2
EPSS Score
0.001
Published
2024-05-27