Zohocorp

Manageengine Eventlog Analyzer

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2023-35785

  • EPSS 0.36%
  • Veröffentlicht 28.08.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:08:41

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, ...

9.8

CVE-2021-28959

  • EPSS 3.87%
  • Veröffentlicht 30.04.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:00:26

Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.

10

CVE-2020-24786

  • EPSS 6.78%
  • Veröffentlicht 31.08.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:16:04

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build nu...

7.5

CVE-2014-6039

Exploit
  • EPSS 83.63%
  • Veröffentlicht 13.01.2020 13:15:12
  • Zuletzt bearbeitet 21.11.2024 02:13:39

ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.

7.5

CVE-2014-6038

Exploit
  • EPSS 83.79%
  • Veröffentlicht 13.01.2020 13:15:12
  • Zuletzt bearbeitet 21.11.2024 02:13:39

Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.

8.8

CVE-2019-19774

Exploit
  • EPSS 12.36%
  • Veröffentlicht 13.12.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:35:21

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even admi...

7.8

CVE-2019-12133

  • EPSS 0.06%
  • Veröffentlicht 18.06.2019 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:22:17

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such...

6.1

CVE-2018-10076

  • EPSS 0.51%
  • Veröffentlicht 02.07.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:40:46

An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard).

6.1

CVE-2018-10075

  • EPSS 0.51%
  • Veröffentlicht 02.07.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:40:46

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.

6.1

CVE-2018-8721

Exploit
  • EPSS 1.45%
  • Veröffentlicht 15.03.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:12

Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen