Zohocorp

Manageengine Applications Manager

54 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-15394

  • EPSS 31.38%
  • Published 25.09.2020 07:15:11
  • Last modified 21.11.2024 05:05:28

The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.

7.2

CVE-2020-14008

Exploit
  • EPSS 45.04%
  • Published 04.09.2020 15:15:10
  • Last modified 21.11.2024 05:02:20

Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.

5.3

CVE-2019-19799

Exploit
  • EPSS 6.9%
  • Published 13.03.2020 17:15:11
  • Last modified 21.11.2024 04:35:24

Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.

7.5

CVE-2014-7863

Exploit
  • EPSS 88.87%
  • Published 08.02.2020 17:15:10
  • Last modified 21.11.2024 02:18:09

The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers a...

5.3

CVE-2019-19800

  • EPSS 9.89%
  • Published 06.02.2020 17:15:13
  • Last modified 21.11.2024 04:35:24

Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.

9

CVE-2019-19475

  • EPSS 0.25%
  • Published 10.01.2020 22:15:11
  • Last modified 21.11.2024 04:34:48

An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticate...

8.8

CVE-2019-19650

  • EPSS 7.39%
  • Published 11.12.2019 18:16:19
  • Last modified 21.11.2024 04:35:08

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.

9.8

CVE-2019-19649

  • EPSS 61.06%
  • Published 11.12.2019 18:16:19
  • Last modified 21.11.2024 04:35:07

Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.

9

CVE-2019-15105

Exploit
  • EPSS 3.65%
  • Published 16.08.2019 03:15:11
  • Last modified 21.11.2024 04:28:03

An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM ...

9

CVE-2019-15104

Exploit
  • EPSS 3.44%
  • Published 16.08.2019 03:15:11
  • Last modified 21.11.2024 04:28:03

An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the se...