Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  Security Vulnerabilities
CVE-2023-29505
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-08-04
CVE-2023-38331
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
CVSS Score
5.4
EPSS Score
0.028
Published
2023-07-28
CVE-2023-34197
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-07
CVE-2023-37308
Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.
CVSS Score
5.4
EPSS Score
0.018
Published
2023-07-07
CVE-2023-35786
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
CVSS Score
4.9
EPSS Score
0.004
Published
2023-07-05
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
CVSS Score
9.8
EPSS Score
0.04
Published
2023-06-20
CVE-2023-31099
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
CVSS Score
8.8
EPSS Score
0.198
Published
2023-05-04
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-04-26
CVE-2023-29442
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
CVSS Score
6.1
EPSS Score
0.069
Published
2023-04-26
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
CVSS Score
4.9
EPSS Score
0.004
Published
2023-04-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved