An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...
5.5CVSS
5.2AI Score
0.0004EPSS
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST...
5.4CVSS
5.5AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host...
7.2CVSS
7.1AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is...
4.9CVSS
5AI Score
0.001EPSS
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange...
8.1CVSS
8AI Score
0.025EPSS
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated...
6.5CVSS
6.3AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information...
6.5CVSS
6.1AI Score
0.0005EPSS
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view...
4.9CVSS
5.1AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy...
7.2CVSS
7.2AI Score
0.335EPSS
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy...
7.2CVSS
7AI Score
0.001EPSS
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration...
8.8CVSS
8.5AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code...
9.8CVSS
9.7AI Score
0.004EPSS
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry...
8.8CVSS
8.9AI Score
0.038EPSS
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization...
8.8CVSS
8.8AI Score
0.038EPSS
9.8CVSS
9.3AI Score
0.006EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code...
9.8CVSS
9.8AI Score
0.012EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to...
5.3CVSS
5.3AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code...
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code...
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code...
9.8CVSS
9.7AI Score
0.012EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via...
9.8CVSS
9.4AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection...
9.8CVSS
9.7AI Score
0.008EPSS
6.5CVSS
6.4AI Score
0.002EPSS
7.5CVSS
7.5AI Score
0.002EPSS
8.8CVSS
8.6AI Score
0.001EPSS
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account...
9.8CVSS
9.3AI Score
0.005EPSS
6.1CVSS
6.2AI Score
0.001EPSS
6.1CVSS
6.2AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.006EPSS
6.1CVSS
6.3AI Score
0.001EPSS
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number....
9.8CVSS
9.4AI Score
0.017EPSS
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to...
7.3CVSS
7.2AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin...
7CVSS
6.8AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles"...
6.1CVSS
6AI Score
0.002EPSS
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as...
8.8CVSS
8.6AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk.....
5.8AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely...
5.7AI Score
0.003EPSS