Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST...
5.4CVSS
6.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host...
7.2CVSS
7.2AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is...
4.9CVSS
5AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated...
6.5CVSS
6.4AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information...
6.5CVSS
6.1AI Score
0.0005EPSS
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view...
4.9CVSS
5.1AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy...
7.2CVSS
7.2AI Score
0.371EPSS
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy...
7.2CVSS
7AI Score
0.001EPSS
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration...
8.8CVSS
8.6AI Score
0.019EPSS
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code...
9.8CVSS
9.6AI Score
0.004EPSS
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry...
8.8CVSS
8.9AI Score
0.038EPSS
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization...
8.8CVSS
8.9AI Score
0.038EPSS
9.8CVSS
9.3AI Score
0.005EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.7AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.7AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code...
9.8CVSS
9.7AI Score
0.007EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.7AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.7AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to...
5.3CVSS
5.3AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code...
9.8CVSS
9.7AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code...
9.8CVSS
9.6AI Score
0.007EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via...
9.8CVSS
9.4AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection...
9.8CVSS
9.7AI Score
0.003EPSS
6.5CVSS
6.4AI Score
0.002EPSS
7.5CVSS
7.5AI Score
0.002EPSS
8.8CVSS
8.7AI Score
0.001EPSS
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account...
9.8CVSS
9.3AI Score
0.005EPSS
6.1CVSS
6.2AI Score
0.001EPSS
6.1CVSS
6.2AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.005EPSS
6.1CVSS
7.4AI Score
0.001EPSS
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number....
9.8CVSS
7.5AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to...
7.3CVSS
7.4AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin...
7CVSS
6.8AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles"...
6.1CVSS
6.2AI Score
0.002EPSS
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as...
8.8CVSS
6.8AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk.....
5.8AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely...
5.7AI Score
0.003EPSS