Zohocorp: Security Vulnerabilities
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-05-27
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.
CVSS Score
5.3
EPSS Score
0.058
Published
2024-05-27
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.
CVSS Score
2.4
EPSS Score
0.034
Published
2024-05-27
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option.
Note: Non-admin users cannot exploit this vulnerability.
CVSS Score
4.7
EPSS Score
0.03
Published
2024-05-22
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.
CVSS Score
8.3
EPSS Score
0.003
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
CVSS Score
8.3
EPSS Score
0.009
Published
2024-05-20