PT-2023-27924 · Zoho · Manageengine Mobile Device Manager

Name of the Vulnerable Software and Affected Versions: ManageEngine Mobile Device ManagerMDM APP affected versions not specified Description: The issue is related to a path traversal vulnerability in a special function of the ManageEngine Mobile Device ManagerMDM APP. This vulnerability can be...

ZOHO ManageEngine ADManager Plus Security Vulnerability

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

CVE-2023-39912

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...

The vulnerability of the ManageEngine ADSelfService Plus password reset software lies in the lack of authentication for a critical function, allowing attackers to escalate their privileges.

The vulnerability of the ManageEngine ADSelfService Plus password reset software lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker to gain elevated privileges remotely...

CVE-2023-22964

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled...

Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It's Too Late!

Users of Zoho ManageEngine are being urged to patch their instances against a critical security vulnerability ahead of the release of a proof-of-concept PoC exploit code. The issue in question is CVE-2022-47966 , an unauthenticated remote code execution vulnerability affecting several products du...

Possible exploit vulnerability in Zoho ManageEngine

A vulnerability has been fixed in several Zoho ManageEngine products. The vulnerability is located in an underlying third-party product: Apache Santuario. The vulnerability allows a malicious party to execute arbitrary code on the vulnerable system with system privileges. Researchers at Horizon3 ...

PT-2022-6690 · Zoho · Manageengine Opmanager

Name of the Vulnerable Software and Affected Versions: ManageEngine OpManager version 12.6.168 Description: A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality. This issue is related to incorrect restriction of XML links to external objects. Exploitation of th...

CVE-2022-47577

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...

PT-2022-26654 · Zoho · Zoho Manageengine Supportcenter Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine SupportCenter Plus versions through 11024 Description: The issue allows low-privileged users to view the organization users list. Recommendations: For versions through 11024, update to a version that contains a fix for this...

CVE-2022-43671

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection...

CVE-2022-34829

Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service application restart via a crafted payload to the Mobile App Deployment API...

ZOHO ManageEngine Key Manager Plus 信息泄露漏洞

ZOHO ManageEngine Key Manager Plus is a web-based SSH secret key management solution from ZOHO. The vulnerability is caused by the application not effectively protecting the stored SSL certificates and associated key pairs, which can be exploited by an attacker to obtain the stored SSL certificat...

The vulnerability of the configuration of software solutions for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus lies in the absence of authentication procedures, which allow attackers to execute arbitrary code.

The vulnerability of the configuration of software solutions for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus lies in the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to execute...

Vulnerability fixed in Zoho ManageEngine Desktop Central

A vulnerability has been fixed in Zoho ManageEngine Desktop Central. The vulnerability allows a logged-in user to change passwords of other users, including users with elevated privileges. Zoho has released updates to fix the vulnerability. More information can be found on the page below:...

Vulnerability fixed in Zoho ManageEngine Desktop Central

Zoho has fixed a vulnerability in ManageEngine Desktop Central. Desktop Central is a solution used by administrators to remotely manage devices within an organization. manage. The vulnerability makes it possible for a malicious person to bypass authentication and execute arbitrary code under the...

CVE-2021-44650

Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components...

ZOHO ManageEngine Desktop Central MSP 安全漏洞

ZOHO ManageEngine Desktop Central MSP is a suite of desktop and mobile device management software for MSPs Managed Service Providers from ZOHO. A security vulnerability exists in versions prior to Zoho ManageEngine Desktop Central 10.0.662, which is caused by a program that launches an executable...

PT-2022-9168 · Manageengine · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine ADSelfService Plus versions prior to build 6116 Description: The issue allows a user from one domain to obtain the password policy for another domain by authenticating to the service and sending a request specifying the password...

Zoho ManageEngine SupportCenter Plus 授权问题漏洞

Zoho ManageEngine SupportCenter Plus is a customer service support management software from ZOHO, Inc. The software provides help desk, customer management, service level management and tracking of customer requests.An authorization issue vulnerability exists in Zoho ManageEngine SupportCenter...