Latest zohocorp manageengine adaudit plus Vulnerabilities

CVE-2024-0269
SQL Injection
Zohocorp Manageengine Adaudit Plus<7.2
Zohocorp Manageengine Adaudit Plus=7.2-7200
Zohocorp Manageengine Adaudit Plus=7.2-7201
Zohocorp Manageengine Adaudit Plus=7.2-7202
Zohocorp Manageengine Adaudit Plus=7.2-7203
Zohocorp Manageengine Adaudit Plus=7.2-7210
and 9 more
CVE-2024-0253
SQL Injection
Zohocorp Manageengine Adaudit Plus<7.2
Zohocorp Manageengine Adaudit Plus=7.2-7200
Zohocorp Manageengine Adaudit Plus=7.2-7201
Zohocorp Manageengine Adaudit Plus=7.2-7202
Zohocorp Manageengine Adaudit Plus=7.2-7203
Zohocorp Manageengine Adaudit Plus=7.2-7210
and 9 more
CVE-2023-48793
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
Zohocorp Manageengine Adaudit Plus<7.2
Zohocorp Manageengine Adaudit Plus=7.2-7200
Zohocorp Manageengine Adaudit Plus=7.2-7201
Zohocorp Manageengine Adaudit Plus=7.2-7202
Zohocorp Manageengine Adaudit Plus=7.2-7203
Zohocorp Manageengine Adaudit Plus=7.2-7210
and 9 more
CVE-2023-48792
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
Zohocorp Manageengine Adaudit Plus<7.2
Zohocorp Manageengine Adaudit Plus=7.2-7200
Zohocorp Manageengine Adaudit Plus=7.2-7201
Zohocorp Manageengine Adaudit Plus=7.2-7202
Zohocorp Manageengine Adaudit Plus=7.2-7203
Zohocorp Manageengine Adaudit Plus=7.2-7210
and 5 more
CVE-2023-50785
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.
Zohocorp Manageengine Adaudit Plus=7.2-7200
Zohocorp Manageengine Adaudit Plus=7.2-7201
Zohocorp Manageengine Adaudit Plus=7.2-7202
Zohocorp Manageengine Adaudit Plus=7.2-7203
Zohocorp Manageengine Adaudit Plus=7.2-7210
Zohocorp Manageengine Adaudit Plus=7.2-7211
and 7 more
CVE-2023-6105
ManageEngine Information Disclosure in Multiple Products
Zoho ManageEngine<5.3
Zohocorp Manageengine Appcreator<2.0.0
Zohocorp Manageengine Application Control Plus<11.2.2328.01
Zohocorp Manageengine Browser Security Plus<11.2.2328.01
Zoho ManageEngine<11.2.2328.01
Zohocorp Manageengine Endpoint Central<11.2.2322.01
and 782 more
CVE-2023-35785
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4...
Zohocorp Manageengine Ad360<4.3
Zohocorp Manageengine Ad360=4.3-4300
Zohocorp Manageengine Ad360=4.3-4302
Zohocorp Manageengine Ad360=4.3-4303
Zohocorp Manageengine Ad360=4.3-4304
Zohocorp Manageengine Ad360=4.3-4305
and 229 more
CVE-2023-32783
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix.
Zohocorp Manageengine Adaudit Plus=7.1.1
Microsoft Windows
=7.1.1
CVE-2023-37308
Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.
Zohocorp Manageengine Adaudit Plus<7.0
Zohocorp Manageengine Adaudit Plus=7.0
Zohocorp Manageengine Adaudit Plus=7.0-7000
Zohocorp Manageengine Adaudit Plus=7.0-7002
Zohocorp Manageengine Adaudit Plus=7.0-7003
Zohocorp Manageengine Adaudit Plus=7.0-7004
and 19 more
CVE-2022-47966
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Access Manager Plus=4.3-build4303
Zohocorp Manageengine Access Manager Plus=4.3-build4304
and 153 more
CVE-2022-29457
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
Zohocorp Manageengine Adaudit Plus<7.0.0
Zohocorp Manageengine Adaudit Plus=7.0.0
Zohocorp Manageengine Adaudit Plus=7.0.0-7000
Zohocorp Manageengine Adaudit Plus=7.0.0-7002
Zohocorp Manageengine Adaudit Plus=7.0.0-7003
Zohocorp Manageengine Adaudit Plus=7.0.0-7004
and 58 more
CVE-2022-24978
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
Zohocorp Manageengine Adaudit Plus<=6.0
Zohocorp Manageengine Adaudit Plus=7.0-7000
Zohocorp Manageengine Adaudit Plus=7.0-7002
Zohocorp Manageengine Adaudit Plus=7.0-7003
Zohocorp Manageengine Adaudit Plus=7.0-7004
Zohocorp Manageengine Adaudit Plus=7.0-7005
and 8 more
CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Zohocorp Manageengine Adaudit Plus<=6.0
Zohocorp Manageengine Adaudit Plus=7.0-7000
Zohocorp Manageengine Adaudit Plus=7.0-7002
Zohocorp Manageengine Adaudit Plus=7.0-7003
Zohocorp Manageengine Adaudit Plus=7.0-7004
Zohocorp Manageengine Adaudit Plus=7.0-7005
and 8 more
CVE-2021-42847
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
Zohocorp Manageengine Adaudit Plus<7.0
Zohocorp Manageengine Adaudit Plus=7.0
Zohocorp Manageengine Adaudit Plus=7.0-7000
Zohocorp Manageengine Adaudit Plus=7.0-7002
Zohocorp Manageengine Adaudit Plus=7.0-7003
Zohocorp Manageengine Adaudit Plus=7.0-7004
and 1 more
CVE-2020-24786
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before buil...
Zohocorp Manageengine Adselfservice Plus<=5.7
Zohocorp Manageengine Adselfservice Plus=5.8
Zohocorp Manageengine Adselfservice Plus=5.8-5800
Zohocorp Manageengine Adselfservice Plus=5.8-5801
Zohocorp Manageengine Adselfservice Plus=5.8-5802
Zohocorp Manageengine Adselfservice Plus=5.8-5803
and 146 more
CVE-2020-11531
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenti...
Zohocorp Manageengine Adaudit Plus<6.0.1
Zohocorp Manageengine Datasecurity Plus<6.0.1
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and ex...
Zohocorp Manageengine Adaudit Plus<6.0.3
Zohocorp Manageengine Datasecurity Plus<6.0.1
CVE-2018-19118
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.
Zohocorp Manageengine Adaudit Plus<5.1
CVE-2018-10466
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.
Zohocorp Manageengine Adaudit Plus<5.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203