Zohocorp

Manageengine Applications Manager

54 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-35512

Exploit
  • EPSS 1.43%
  • Published 21.10.2021 12:15:07
  • Last modified 21.11.2024 06:12:24

An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.

5.4

CVE-2021-31813

Exploit
  • EPSS 20.33%
  • Published 01.07.2021 12:15:07
  • Last modified 21.11.2024 06:06:16

Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.

8.8

CVE-2020-35765

Exploit
  • EPSS 1.26%
  • Published 05.02.2021 14:15:16
  • Last modified 21.11.2024 05:28:02

doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.

8.8

CVE-2020-27733

  • EPSS 0.44%
  • Published 19.01.2021 16:15:12
  • Last modified 21.11.2024 05:21:42

Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.

9.8

CVE-2020-27995

  • EPSS 30.11%
  • Published 29.10.2020 17:15:12
  • Last modified 21.11.2024 05:22:10

SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.

7.5

CVE-2020-10816

  • EPSS 25.01%
  • Published 08.10.2020 17:15:12
  • Last modified 21.11.2024 04:56:07

Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.

8.8

CVE-2020-16267

  • EPSS 1.31%
  • Published 06.10.2020 19:15:14
  • Last modified 21.11.2024 05:07:03

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.

8.8

CVE-2020-15927

  • EPSS 1.31%
  • Published 06.10.2020 19:15:13
  • Last modified 21.11.2024 05:06:28

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.

9.8

CVE-2020-15533

  • EPSS 11.45%
  • Published 01.10.2020 19:15:12
  • Last modified 21.11.2024 05:05:42

In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.

6.1

CVE-2020-15521

  • EPSS 7.34%
  • Published 25.09.2020 07:15:11
  • Last modified 21.11.2024 05:05:41

Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .