Zohocorp

Manageengine Opmanager

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-12116

  • EPSS 90.53%
  • Veröffentlicht 07.05.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:59:16

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.

7.5

CVE-2020-11946

  • EPSS 67.01%
  • Veröffentlicht 20.04.2020 21:15:13
  • Zuletzt bearbeitet 21.11.2024 04:58:57

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.

7.5

CVE-2020-11527

  • EPSS 13.62%
  • Veröffentlicht 04.04.2020 17:15:14
  • Zuletzt bearbeitet 21.11.2024 04:58:04

In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.

9.8

CVE-2020-10541

  • EPSS 2.31%
  • Veröffentlicht 13.03.2020 06:15:11
  • Zuletzt bearbeitet 21.11.2024 04:55:32

Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.

7.5

CVE-2014-7863

Exploit
  • EPSS 88.87%
  • Veröffentlicht 08.02.2020 17:15:10
  • Zuletzt bearbeitet 21.11.2024 02:18:09

The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers a...

7.8

CVE-2019-17421

Exploit
  • EPSS 0.11%
  • Veröffentlicht 21.11.2019 15:15:14
  • Zuletzt bearbeitet 21.11.2024 04:32:18

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

9.8

CVE-2019-17602

  • EPSS 58.63%
  • Veröffentlicht 15.10.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:32:37

An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.

9.8

CVE-2019-15106

Exploit
  • EPSS 37.24%
  • Veröffentlicht 16.08.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:28:03

An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admi...

7.8

CVE-2019-12133

  • EPSS 0.06%
  • Veröffentlicht 18.06.2019 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:22:17

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such...

5.4

CVE-2017-11560

Exploit
  • EPSS 1.5%
  • Veröffentlicht 23.05.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:08:01

An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uplo...