Latest zohocorp manageengine assetexplorer Vulnerabilities

CVE-2023-6105
ManageEngine Information Disclosure in Multiple Products
Zoho ManageEngine<5.3
Zohocorp Manageengine Appcreator<2.0.0
Zohocorp Manageengine Application Control Plus<11.2.2328.01
Zohocorp Manageengine Browser Security Plus<11.2.2328.01
Zoho ManageEngine<11.2.2328.01
Zohocorp Manageengine Endpoint Central<11.2.2322.01
and 782 more
CVE-2023-35785
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4...
Zohocorp Manageengine Ad360<4.3
Zohocorp Manageengine Ad360=4.3-4300
Zohocorp Manageengine Ad360=4.3-4302
Zohocorp Manageengine Ad360=4.3-4303
Zohocorp Manageengine Ad360=4.3-4304
Zohocorp Manageengine Ad360=4.3-4305
and 229 more
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a ...
Zohocorp Manageengine Assetexplorer=6.9-6980
Zohocorp Manageengine Assetexplorer=6.9-6981
Zohocorp Manageengine Assetexplorer=6.9-6982
Zohocorp Manageengine Assetexplorer=6.9-6983
Zohocorp Manageengine Assetexplorer=6.9-6984
Zohocorp Manageengine Assetexplorer=6.9-6985
and 16 more
CVE-2023-26601
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
Zohocorp Manageengine Assetexplorer<6.9
Zohocorp Manageengine Assetexplorer=6.9
Zohocorp Manageengine Assetexplorer=6.9-6900
Zohocorp Manageengine Assetexplorer=6.9-6901
Zohocorp Manageengine Assetexplorer=6.9-6902
Zohocorp Manageengine Assetexplorer=6.9-6903
and 42 more
CVE-2023-26600
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
Zohocorp Manageengine Assetexplorer<6.9
Zohocorp Manageengine Assetexplorer=6.9
Zohocorp Manageengine Assetexplorer=6.9-6900
Zohocorp Manageengine Assetexplorer=6.9-6901
Zohocorp Manageengine Assetexplorer=6.9-6902
Zohocorp Manageengine Assetexplorer=6.9-6903
and 74 more
CVE-2023-23075
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.
Zohocorp Manageengine Assetexplorer=6.9
Zohocorp Manageengine Assetexplorer=6.9-6900
Zohocorp Manageengine Assetexplorer=6.9-6901
Zohocorp Manageengine Assetexplorer=6.9-6902
Zohocorp Manageengine Assetexplorer=6.9-6903
Zohocorp Manageengine Assetexplorer=6.9-6904
and 32 more
CVE-2022-47966
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Access Manager Plus=4.3-build4303
Zohocorp Manageengine Access Manager Plus=4.3-build4304
and 153 more
CVE-2022-40771
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
Zohocorp Manageengine Servicedesk Plus<14.0
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<13.0
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=13.0
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=13.0-13000
and 58 more
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
Zohocorp Manageengine Servicedesk Plus<14.0
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10600
and 65 more
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticke...
Zohocorp Manageengine Servicedesk Plus<13.0
Zohocorp Manageengine Servicedesk Plus=13.0-13000
Zohocorp Manageengine Servicedesk Plus=13.0-13001
Zohocorp Manageengine Servicedesk Plus=13.0-13002
Zohocorp Manageengine Servicedesk Plus=13.0-13003
Zohocorp Manageengine Servicedesk Plus=13.0-13004
and 59 more
CVE-2021-20108
Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on th...
Zohocorp Manageengine Assetexplorer=1.0.34
CVE-2021-20110
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address...
Zohocorp Manageengine Assetexplorer=1.0.34
CVE-2019-19034
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an...
Zohocorp Manageengine Assetexplorer=6.5
CVE-2020-8838
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent ne...
Zohocorp Manageengine Assetexplorer=6.5
CVE-2019-12959
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.
Zohocorp Manageengine Assetexplorer<6.2.0
CVE-2019-14693
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sens...
Zohocorp Manageengine Assetexplorer=6.2.0
CVE-2019-12994
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.
Zohocorp Manageengine Assetexplorer=6.2.0
CVE-2019-12596
Zohocorp Manageengine Assetexplorer=6.5
Zohocorp Manageengine Assetexplorer=6.5-6500
Zohocorp Manageengine Assetexplorer=6.5-6501
Zohocorp Manageengine Assetexplorer=6.5-6502
Zohocorp Manageengine Assetexplorer=6.5-6503
Zohocorp Manageengine Assetexplorer=6.5-6504
CVE-2019-12595
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.
Zohocorp Manageengine Assetexplorer=6.5
Zohocorp Manageengine Assetexplorer=6.5-6500
Zohocorp Manageengine Assetexplorer=6.5-6501
Zohocorp Manageengine Assetexplorer=6.5-6502
Zohocorp Manageengine Assetexplorer=6.5-6503
Zohocorp Manageengine Assetexplorer=6.5-6504
CVE-2019-12537
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
Zohocorp Manageengine Assetexplorer=6.5
Zohocorp Manageengine Assetexplorer=6.5-6500
Zohocorp Manageengine Assetexplorer=6.5-6501
Zohocorp Manageengine Assetexplorer=6.5-6502
Zohocorp Manageengine Assetexplorer=6.5-6503
Zohocorp Manageengine Assetexplorer=6.5-6504
CVE-2018-17596
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
Zohocorp Manageengine Assetexplorer=6.2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203