Zohocorp: >> Manageengine Applications Manager >> 15.2 Security Vulnerabilities
Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
CVSS Score
4.7
EPSS Score
0.003
Published
2024-08-01
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
CVSS Score
6.1
EPSS Score
0.069
Published
2023-08-10
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
CVSS Score
6.1
EPSS Score
0.069
Published
2023-04-26
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
CVSS Score
6.5
EPSS Score
0.006
Published
2023-04-11
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
CVSS Score
7.2
EPSS Score
0.274
Published
2022-05-24
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
CVSS Score
6.5
EPSS Score
0.014
Published
2021-10-21