Latest zohocorp manageengine opmanager Vulnerabilities

CVE-2023-47211
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send...
Zohocorp Manageengine Firewall Analyzer<12.7
Zohocorp Manageengine Firewall Analyzer=12.7-build127000
Zohocorp Manageengine Firewall Analyzer=12.7-build127101
Zohocorp Manageengine Firewall Analyzer=12.7-build127130
Zohocorp Manageengine Firewall Analyzer=12.7-build127131
Zohocorp Manageengine Firewall Analyzer=12.7-build127187
and 91 more
CVE-2023-6105
ManageEngine Information Disclosure in Multiple Products
Zoho ManageEngine<5.3
Zohocorp Manageengine Appcreator<2.0.0
Zohocorp Manageengine Application Control Plus<11.2.2328.01
Zohocorp Manageengine Browser Security Plus<11.2.2328.01
Zoho ManageEngine<11.2.2328.01
Zohocorp Manageengine Endpoint Central<11.2.2322.01
and 782 more
CVE-2023-31099
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
Zohocorp Manageengine Opmanager<12.6
Zohocorp Manageengine Opmanager=12.6-build126000
Zohocorp Manageengine Opmanager=12.6-build126001
Zohocorp Manageengine Opmanager=12.6-build126002
Zohocorp Manageengine Opmanager=12.6-build126004
Zohocorp Manageengine Opmanager=12.6-build126005
and 63 more
CVE-2022-43473
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a ma...
Zohocorp Manageengine Opmanager<12.6
Zohocorp Manageengine Opmanager=12.6-build126000
Zohocorp Manageengine Opmanager=12.6-build126001
Zohocorp Manageengine Opmanager=12.6-build126002
Zohocorp Manageengine Opmanager=12.6-build126004
Zohocorp Manageengine Opmanager=12.6-build126005
and 75 more
CVE-2022-38772
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make dat...
Zohocorp Manageengine Netflow Analyzer=12.5-build125450
Zohocorp Manageengine Netflow Analyzer=12.5-build125451
Zohocorp Manageengine Netflow Analyzer=12.5-build125452
Zohocorp Manageengine Netflow Analyzer=12.5-build125453
Zohocorp Manageengine Netflow Analyzer=12.5-build125455
Zohocorp Manageengine Netflow Analyzer=12.5-build125456
and 202 more
CVE-2022-37024
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allo...
Zohocorp Manageengine Firewall Analyzer=12.5-build125450
Zohocorp Manageengine Firewall Analyzer=12.5-build125451
Zohocorp Manageengine Firewall Analyzer=12.5-build125452
Zohocorp Manageengine Firewall Analyzer=12.5-build125453
Zohocorp Manageengine Firewall Analyzer=12.5-build125455
Zohocorp Manageengine Firewall Analyzer=12.5-build125456
and 102 more
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104...
Zohocorp Manageengine Firewall Analyzer=12.5-build125450
Zohocorp Manageengine Firewall Analyzer=12.5-build125451
Zohocorp Manageengine Firewall Analyzer=12.5-build125452
Zohocorp Manageengine Firewall Analyzer=12.5-build125453
Zohocorp Manageengine Firewall Analyzer=12.5-build125455
Zohocorp Manageengine Firewall Analyzer=12.5-build125456
and 102 more
CVE-2022-35404
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.
Zohocorp Manageengine Opmanager<12.5
Zohocorp Manageengine Opmanager=12.5
Zohocorp Manageengine Opmanager=12.5-build125000
Zohocorp Manageengine Opmanager=12.5-build125002
Zohocorp Manageengine Opmanager=12.5-build125100
Zohocorp Manageengine Opmanager=12.5-build125101
and 330 more
CVE-2022-29535
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.
Zohocorp Manageengine Opmanager<12.5
Zohocorp Manageengine Opmanager=12.5
Zohocorp Manageengine Opmanager=12.5-build125000
Zohocorp Manageengine Opmanager=12.5-build125002
Zohocorp Manageengine Opmanager=12.5-build125100
Zohocorp Manageengine Opmanager=12.5-build125101
and 133 more
CVE-2021-44514
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
Zohocorp Manageengine Opmanager=12.5
Zohocorp Manageengine Opmanager=12.5-build125000
Zohocorp Manageengine Opmanager=12.5-build125002
Zohocorp Manageengine Opmanager=12.5-build125100
Zohocorp Manageengine Opmanager=12.5-build125101
Zohocorp Manageengine Opmanager=12.5-build125102
and 124 more
CVE-2021-41075
Zohocorp Manageengine Opmanager<12.5
Zohocorp Manageengine Opmanager=12.5
Zohocorp Manageengine Opmanager=12.5-build125000
Zohocorp Manageengine Opmanager=12.5-build125002
Zohocorp Manageengine Opmanager=12.5-build125100
Zohocorp Manageengine Opmanager=12.5-build125101
and 112 more
CVE-2021-40493
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
Zohocorp Manageengine Opmanager<12.5
Zohocorp Manageengine Opmanager=12.5
Zohocorp Manageengine Opmanager=12.5-build125000
Zohocorp Manageengine Opmanager=12.5-build125002
Zohocorp Manageengine Opmanager=12.5-build125100
Zohocorp Manageengine Opmanager=12.5-build125101
and 105 more
CVE-2021-3287
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Zohocorp Manageengine Opmanager<12.5
Zohocorp Manageengine Opmanager=12.5
Zohocorp Manageengine Opmanager=12.5-build125000
Zohocorp Manageengine Opmanager=12.5-build125002
Zohocorp Manageengine Opmanager=12.5-build125100
Zohocorp Manageengine Opmanager=12.5-build125101
and 60 more
CVE-2021-20078
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remote...
Zohocorp Manageengine Opmanager<12.5
Zohocorp Manageengine Opmanager=12.5-build125000
Zohocorp Manageengine Opmanager=12.5-build125002
Zohocorp Manageengine Opmanager=12.5-build125100
Zohocorp Manageengine Opmanager=12.5-build125101
Zohocorp Manageengine Opmanager=12.5-build125102
and 65 more
CVE-2020-28653
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Zohocorp Manageengine Opmanager<12.5
Zohocorp Manageengine Opmanager=12.5-build125000
Zohocorp Manageengine Opmanager=12.5-build125002
Zohocorp Manageengine Opmanager=12.5-build125100
Zohocorp Manageengine Opmanager=12.5-build125101
Zohocorp Manageengine Opmanager=12.5-build125102
and 53 more
CVE-2020-13818
ManageEngine OpManager OpmSkipFilter Directory Traversal Information Disclosure Vulnerability
Zohocorp Manageengine Opmanager<12.5
Zohocorp Manageengine Opmanager=12.5
Zohocorp Manageengine Opmanager=12.5-build125000
Zohocorp Manageengine Opmanager=12.5-build125002
Zohocorp Manageengine Opmanager=12.5-build125100
Zohocorp Manageengine Opmanager=12.5-build125101
and 21 more
CVE-2020-12116
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
Zohocorp Manageengine Opmanager<=12.3
Zohocorp Manageengine Opmanager=12.4
Zohocorp Manageengine Opmanager=12.4-build124000
Zohocorp Manageengine Opmanager=12.4-build124011
Zohocorp Manageengine Opmanager=12.4-build124012
Zohocorp Manageengine Opmanager=12.4-build124013
and 74 more
CVE-2020-11946
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.
Zohocorp Manageengine Opmanager=12.5-build125000
Zohocorp Manageengine Opmanager=12.5-build125002
Zohocorp Manageengine Opmanager=12.5-build125100
Zohocorp Manageengine Opmanager=12.5-build125101
Zohocorp Manageengine Opmanager=12.5-build125102
Zohocorp Manageengine Opmanager=12.5-build125108
and 8 more
CVE-2020-10541
Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.
Zohocorp Manageengine Opmanager<12.4.179
CVE-2014-7863
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properl...
Zohocorp Manageengine Applications Manager<=11.9
Zohocorp Manageengine It360<=10.5
Zohocorp Manageengine Opmanager>=8<=11.5
CVE-2019-17421
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting ...
Zohocorp Manageengine Firewall Analyzer=12.4-124072
Zohocorp Manageengine Opmanager=12.4-build124072
CVE-2019-17602
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could...
Zohocorp Manageengine Opmanager<12.4
Zohocorp Manageengine Opmanager=12.4
Zohocorp Manageengine Opmanager=12.4-build124000
Zohocorp Manageengine Opmanager=12.4-build124011
Zohocorp Manageengine Opmanager=12.4-build124012
Zohocorp Manageengine Opmanager=12.4-build124013
and 35 more
CVE-2019-15106
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for ...
Zohocorp Manageengine Opmanager<=12.4.034
CVE-2019-12133
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associat...
Zoho ManageEngine=1.0
Zohocorp Manageengine Browser Security Plus
Zohocorp Manageengine Desktop Central=10.0.380
Zohocorp Manageengine Eventlog Analyzer=12.0.2
Zohocorp Manageengine Firewall=12.0
Zohocorp Manageengine Key Manager Plus=5.6
and 12 more
CVE-2017-11560
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locati...
Zohocorp Manageengine Opmanager=12.2
CVE-2017-11559
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL In...
Zohocorp Manageengine Opmanager=12.2
CVE-2017-11561
An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a ...
Zohocorp Manageengine Opmanager=12.2
CVE-2018-20339
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
Zohocorp Manageengine Opmanager=12.3-build12300
Zohocorp Manageengine Opmanager=12.3-build123001
Zohocorp Manageengine Opmanager=12.3-build123002
Zohocorp Manageengine Opmanager=12.3-build123003
Zohocorp Manageengine Opmanager=12.3-build123004
Zohocorp Manageengine Opmanager=12.3-build123005
and 146 more
CVE-2018-20173
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.
Zohocorp Manageengine Opmanager=12.3-build12300
Zohocorp Manageengine Opmanager=12.3-build123001
Zohocorp Manageengine Opmanager=12.3-build123002
Zohocorp Manageengine Opmanager=12.3-build123003
Zohocorp Manageengine Opmanager=12.3-build123004
Zohocorp Manageengine Opmanager=12.3-build123005
and 83 more
CVE-2018-19921
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
Zohocorp Manageengine Opmanager=11.4
Zohocorp Manageengine Opmanager=11.5
Zohocorp Manageengine Opmanager=12.3
Zohocorp Manageengine Opmanager=12.3-build12300
Zohocorp Manageengine Opmanager=12.3-build123001
Zohocorp Manageengine Opmanager=12.3-build123002
and 154 more
CVE-2018-18715
Zohocorp Manageengine Opmanager=12.3
Zohocorp Manageengine Opmanager=12.3-build12300
Zohocorp Manageengine Opmanager=12.3-build123001
Zohocorp Manageengine Opmanager=12.3-build123002
Zohocorp Manageengine Opmanager=12.3-build123003
Zohocorp Manageengine Opmanager=12.3-build123004
and 143 more
CVE-2018-18716
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
Zohocorp Manageengine Opmanager=11.4
Zohocorp Manageengine Opmanager=11.5
Zohocorp Manageengine Opmanager=12.3
Zohocorp Manageengine Opmanager=12.3-build12300
Zohocorp Manageengine Opmanager=12.3-build123001
Zohocorp Manageengine Opmanager=12.3-build123002
and 145 more
CVE-2018-19288
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
Zohocorp Manageengine Opmanager=11.4
Zohocorp Manageengine Opmanager=11.5
Zohocorp Manageengine Opmanager=12.3
Zohocorp Manageengine Opmanager=12.3-build12300
Zohocorp Manageengine Opmanager=12.3-build123001
Zohocorp Manageengine Opmanager=12.3-build123002
and 148 more
CVE-2018-18980
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.d...
Zohocorp Manageengine Network Configuration Manager<12.3.214
Zohocorp Manageengine Opmanager<12.3.214
CVE-2018-18949
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
Zohocorp Manageengine Opmanager=11.4
Zohocorp Manageengine Opmanager=11.5
Zohocorp Manageengine Opmanager=12.3
Zohocorp Manageengine Opmanager=12.3-build12300
Zohocorp Manageengine Opmanager=12.3-build123001
Zohocorp Manageengine Opmanager=12.3-build123002
and 148 more
CVE-2018-18475
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
Zohocorp Manageengine Opmanager=12.3-build123001
Zohocorp Manageengine Opmanager=12.3-build123002
Zohocorp Manageengine Opmanager=12.3-build123003
Zohocorp Manageengine Opmanager=12.3-build123004
Zohocorp Manageengine Opmanager=12.3-build123005
Zohocorp Manageengine Opmanager=12.3-build123006
and 137 more
CVE-2018-18262
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
Zohocorp Manageengine Opmanager=12.3-build12300
Zohocorp Manageengine Opmanager=12.3-build123001
Zohocorp Manageengine Opmanager=12.3-build123002
Zohocorp Manageengine Opmanager=12.3-build123003
Zohocorp Manageengine Opmanager=12.3-build123004
Zohocorp Manageengine Opmanager=12.3-build123005
and 138 more
CVE-2018-17283
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged a...
Zohocorp Manageengine Opmanager<12.3
CVE-2018-12998
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtil...
Zohocorp Manageengine Netflow Analyzer
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Oputils
Zohocorp Firewall Analyzer
and 1 more
CVE-2018-12997
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils b...
Zohocorp Manageengine Netflow Analyzer
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Oputils
Zohocorp Firewall Analyzer
and 1 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203