CVE-2024-24409

Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option...

ZOHO ManageEngine Endpoint Central 安全漏洞

ZOHO ManageEngine Endpoint Central is a desktop management system from ZOHO USA. A security vulnerability exists in ZOHO ManageEngine Endpoint Central versions prior to 11.3.2440.09. An attacker can exploit the vulnerability to change usernames in chat...

CVE-2024-48878

Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report...

CVE-2024-0269

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...

CVE-2024-0252

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

CVE-2024-0253

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data...

CVE-2024-41140

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function...

CVE-2024-41140

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function...

CVE-2024-41140 Improper Authorization

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function...

CVE-2024-41140

CVE-2024-41140 affects Zohocorp ManageEngine Applications Manager versions 174000 and prior, with an incorrect authorization in the update user function. Public documentation from NVD and Red Hat confirms impact to confidentiality and integrity (high), with network attack vector, low attack compl...

ZOHO ManageEngine Applications Manager 安全漏洞

ZOHO ManageEngine Applications Manager is a suite of IT operations management solutions from ZOHO USA. The product features application performance management, fault management, report generation and SLA management. A security vulnerability exists in ZOHO ManageEngine Applications Manager version...

PT-2025-2604 · Zohocorp · Zoho Manageengine Applications Manager

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Applications Manager versions 174000 and prior Description: The issue is related to incorrect authorization in the update user function. This allows for potential unauthorized access or modifications. The estimated numbe...

ManageEngine ServiceDesk Plus < 14.9 Build 14920

The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.9 Build 14920. It is, therefore, affected by a vulnerability as referenced in the service-deskCVE-2024-50053 advisory. - A stored cross-site scripting XSS vulnerability allowed authenticated technicians to...

ManageEngine Analytics Plus getOAToken Exposed Dangerous Method Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine Analytics Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the getOAToken action. The issue results from an exposed...

CVE-2024-52323

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...

CVE-2024-52323

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...

CVE-2024-52323 Sensitive Data Exposure

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...

CVE-2024-52323 Sensitive Data Exposure

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...

CVE-2024-52323

The connected sources confirm a vulnerability in ManageEngine Analytics Plus prior to version 6100 where the getOAToken method exposes sensitive tokens for the org-admin account. This allows authenticated users to retrieve tokens and may enable privilege escalation to org-admin resources. Mitigat...

PT-2024-35177 · Zohocorp · Manageengine Analytics Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Analytics Plus versions below 6100 Description: The issue allows authenticated sensitive data exposure, enabling users to retrieve sensitive tokens associated with the org-admin account. This is related to the getOAToken...