Latest zohocorp manageengine admanager plus Vulnerabilities

CVE-2023-6105
ManageEngine Information Disclosure in Multiple Products
Zoho ManageEngine<5.3
Zohocorp Manageengine Appcreator<2.0.0
Zohocorp Manageengine Application Control Plus<11.2.2328.01
Zohocorp Manageengine Browser Security Plus<11.2.2328.01
Zoho ManageEngine<11.2.2328.01
Zohocorp Manageengine Endpoint Central<11.2.2322.01
and 782 more
CVE-2023-41904
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.
Zohocorp Manageengine Admanager Plus<7.2
Zohocorp Manageengine Admanager Plus=7.2-7200
Zohocorp Manageengine Admanager Plus=7.2-7201
Zohocorp Manageengine Admanager Plus=7.2-7202
CVE-2023-38743
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
Zohocorp Manageengine Admanager Plus<7.2
CVE-2023-39912
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.
<=7202
Zohocorp Manageengine Admanager Plus<=7202
CVE-2023-35785
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4...
Zohocorp Manageengine Ad360<4.3
Zohocorp Manageengine Ad360=4.3-4300
Zohocorp Manageengine Ad360=4.3-4302
Zohocorp Manageengine Ad360=4.3-4303
Zohocorp Manageengine Ad360=4.3-4304
Zohocorp Manageengine Ad360=4.3-4305
and 229 more
CVE-2023-31492
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
and 30 more
CVE-2023-38332
Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.
Zohocorp Manageengine Admanager Plus<7.2
Zohocorp Manageengine Admanager Plus=7.2-7200
Zohocorp Manageengine Admanager Plus=7.2-7201
CVE-2023-29084
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
Zohocorp Manageengine Admanager Plus=7.1-7111
and 27 more
CVE-2022-47966
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Access Manager Plus=4.3-build4303
Zohocorp Manageengine Access Manager Plus=4.3-build4304
and 153 more
CVE-2022-42904
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
and 21 more
CVE-2022-29457
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
Zohocorp Manageengine Adaudit Plus<7.0.0
Zohocorp Manageengine Adaudit Plus=7.0.0
Zohocorp Manageengine Adaudit Plus=7.0.0-7000
Zohocorp Manageengine Adaudit Plus=7.0.0-7002
Zohocorp Manageengine Adaudit Plus=7.0.0-7003
Zohocorp Manageengine Adaudit Plus=7.0.0-7004
and 58 more
CVE-2021-42002
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
and 4 more
CVE-2021-20130
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-20131
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-38298
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
CVE-2021-37930
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37924
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37922
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37762
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37919
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37918
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37928
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37926
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37923
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37921
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37761
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37539
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37927
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37925
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
CVE-2021-37741
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
Zohocorp Manageengine Admanager Plus=7.1-7110
CVE-2021-37420
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.
Zohocorp Manageengine Admanager Plus<6.1
Zohocorp Manageengine Admanager Plus=6.1
Zohocorp Manageengine Admanager Plus=6.1-6100
Zohocorp Manageengine Admanager Plus=6.1-6101
Zohocorp Manageengine Admanager Plus=6.1-6102
Zohocorp Manageengine Admanager Plus=6.1-6103
and 8 more
CVE-2021-37419
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
Zohocorp Manageengine Admanager Plus<6.1
Zohocorp Manageengine Admanager Plus=6.1
Zohocorp Manageengine Admanager Plus=6.1-6100
Zohocorp Manageengine Admanager Plus=6.1-6101
Zohocorp Manageengine Admanager Plus=6.1-6102
Zohocorp Manageengine Admanager Plus=6.1-6103
and 8 more
CVE-2021-37424
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
Zohocorp Manageengine Admanager Plus<6.1
Zohocorp Manageengine Admanager Plus=6.1
Zohocorp Manageengine Admanager Plus=6.1-6100
Zohocorp Manageengine Admanager Plus=6.1-6101
Zohocorp Manageengine Admanager Plus=6.1-6102
Zohocorp Manageengine Admanager Plus=6.1-6103
and 8 more
CVE-2021-36771
Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
CVE-2021-36772
Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
CVE-2021-33911
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
Zohocorp Manageengine Admanager Plus<7.1
Zohocorp Manageengine Admanager Plus=7.1
Zohocorp Manageengine Admanager Plus=7.1-7100
Zohocorp Manageengine Admanager Plus=7.1-7101
Zohocorp Manageengine Admanager Plus=7.1-7102
CVE-2020-35594
Zoho ManageEngine ADManager Plus before 7066 allows XSS.
Zohocorp Manageengine Admanager Plus<7.0
Zohocorp Manageengine Admanager Plus=7.0
Zohocorp Manageengine Admanager Plus=7.0-7000
Zohocorp Manageengine Admanager Plus=7.0-7010
Zohocorp Manageengine Admanager Plus=7.0-7011
Zohocorp Manageengine Admanager Plus=7.0-7020
and 17 more
CVE-2020-24786
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before buil...
Zohocorp Manageengine Adselfservice Plus<=5.7
Zohocorp Manageengine Adselfservice Plus=5.8
Zohocorp Manageengine Adselfservice Plus=5.8-5800
Zohocorp Manageengine Adselfservice Plus=5.8-5801
Zohocorp Manageengine Adselfservice Plus=5.8-5802
Zohocorp Manageengine Adselfservice Plus=5.8-5803
and 146 more
CVE-2019-12876
Zohocorp Manageengine Admanager Plus=6.6.5
Zohocorp Manageengine Adselfservice Plus=5.7
Zohocorp Manageengine Desktop Central=10.0.380
CVE-2018-19374
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
Zohocorp Manageengine Admanager Plus=6.6-6657
CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
Zohocorp Manageengine Admanager Plus=6.5.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203