Zohocorp: Security Vulnerabilities
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.
CVSS Score
2.4
EPSS Score
0.034
Published
2024-05-27
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option.
Note: Non-admin users cannot exploit this vulnerability.
CVSS Score
4.7
EPSS Score
0.03
Published
2024-05-22
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.
CVSS Score
8.3
EPSS Score
0.003
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
CVSS Score
8.3
EPSS Score
0.009
Published
2024-05-20
Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions.
Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.
CVSS Score
8.1
EPSS Score
0.003
Published
2024-05-20
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
CVSS Score
8.3
EPSS Score
0.006
Published
2024-02-16