Lucene search
K

202 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:9 a.m.8 views

CVE-2022-24447

An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export...

6.5CVSS6.6AI score0.00795EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:0 a.m.22 views

CVE-2022-24446

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers and user information even if no SSH server or user is associated to the operator...

4.3CVSS6.9AI score0.00924EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:59 p.m.8 views

CVE-2022-24306

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled...

9.8CVSS7AI score0.02344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:58 p.m.7 views

CVE-2022-24305

Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation...

9.8CVSS6.7AI score0.02548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:28 p.m.4 views

CVE-2022-40300

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities...

9.8CVSS9.8AI score0.99268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:14 p.m.6 views

CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication...

9.8CVSS8.2AI score0.9994EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:33 p.m.8 views

CVE-2021-28382

Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD...

5.4CVSS5.9AI score0.01165EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:53 p.m.8 views

CVE-2021-44652

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component...

7.8CVSS8AI score0.02565EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 5:8 a.m.12 views

CVE-2024-10839

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity XXE in the Management option...

8.5CVSS6.7AI score0.01458EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/03 11:51 p.m.5 views

WordPress WP All Export Pro plugin < 1.9.2 - Authenticated (Shop Manager+) Remote Code Execution vulnerability

Authenticated Shop Manager+ Remote Code Execution vulnerability discovered by ? in WordPress Plugin WP ALL Export Pro versions 1.9.2...

7.2CVSS7.5AI score0.00392EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/08 11:15 a.m.3 views

CVE-2024-10839

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity XXE in the Management option...

8.1CVSS5.8AI score0.01458EPSS
Exploits0References1
NVD
NVD
added 2024/11/08 11:15 a.m.16 views

CVE-2024-10839

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity XXE in the Management option...

8.5CVSS0.01458EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/08 10:58 a.m.25 views

CVE-2024-10839 XML External Entity

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity XXE in the Management option...

8.5CVSS0.01458EPSS
Exploits0References1
CVE
CVE
added 2024/11/08 10:58 a.m.58 views

CVE-2024-10839

CVE-2024-10839 affects Zohocorp/ManageEngine SharePoint Manager Plus (versions 4503 and prior). The vulnerability is an authenticated XML External Entity (XXE) issue in the Management option. Impact is described as high confidentiality impact and partial availability impact per the NVD metrics. N...

8.5CVSS8.1AI score0.01458EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.4 views

PT-2024-16580 · Zoho · Zoho Manageengine Sharepoint Manager Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine SharePoint Manager Plus versions 4503 and prior Description: The issue is an authenticated XML External Entity XXE vulnerability in the Management option. This vulnerability impacts specific versions of the software, allowing...

8.5CVSS7AI score0.01458EPSS
Exploits0References30
CNNVD
CNNVD
added 2024/11/08 12:0 a.m.4 views

ZOHO ManageEngine SharePoint Manager Plus 安全漏洞

ZOHO ManageEngine SharePoint Manager Plus is a complete management and auditing solution from ZOHO, Inc. It helps you manage, audit, and report on your local and Office 365 SharePoint environments. It also allows you to monitor, track and analyze all activities in your SharePoint infrastructure t...

8.5CVSS6.5AI score0.01458EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/11/22 12:0 a.m.28 views

ManageEngine Recovery Manager Plus getEscapedValue Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Recovery Manager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getEscapedValue method. The issue results from the lack of proper...

7.2CVSS7.7AI score0.82163EPSS
Exploits0References1
OSV
OSV
added 2023/09/11 7:15 p.m.6 views

CVE-2023-38743

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

7.2CVSS5.9AI score0.11634EPSS
Exploits1References1
Prion
Prion
added 2023/08/28 8:15 p.m.37 views

Spoofing

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange...

5.1CVSS9.3AI score0.02434EPSS
Exploits0References2Affected Software17
CVE
CVE
added 2023/08/28 12:0 a.m.132 views

CVE-2023-35785

CVE-2023-35785 is a TFA bypass vulnerability affecting Zoho ManageEngine Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager/Security Plus, Recovery Manager Plus, ...

8.1CVSS8AI score0.02434EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder