Code injection

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature...

CVE-2022-38772

Summary: CVE-2022-38772 affects Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils. The issue is a command injection in the getNmapInitialOption function that allows authenticated users to perform database changes leading to re...

CVE-2022-38772

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature...

ManageEngine NetFlow Analyzer getUserAPIKey Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue results from the lack of authenticati...

CVE-2022-37024

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution...

CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

Design/Logic Flaw

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

Remote code execution

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution...

CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

CVE-2022-36923

CVE-2022-36923 affects Zoho ManageEngine products (OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils) with an authentication bypass that allows an unauthenticated attacker to retrieve a user’s API key and use external APIs. T...

CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

PT-2022-23689

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine OpManager versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager Plus versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager MSP versions before 2022-07-27 through 2022-07-28 Zoho...

多款ZOHO ManageEngine产品安全漏洞

ZOHO ManageEngine OpManager and others are products of ZOHO India.ZOHO ManageEngine OpManager is a suite of network, server and virtualization monitoring software.ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager Pl...

CVE-2022-37024

Summary (CVE-2022-37024) : Multiple Zoho ManageEngine products (OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, OpUtils) prior to 2022-07-29 are affected by a remote code execution flaw. The root cause is insufficient input validation in the getDNSResolv...

Zoho ManageEngine Netflow Analyzer Professional跨站脚本漏洞

ZOHO ManageEngine Netflow Analyzer is a web-based bandwidth monitoring tool from ZOHO, Inc. A cross-site scripting vulnerability exists in ZOHO ManageEngine Netflow Analyzer Professional version 7.0.0.2, which stems from the lack of proper validation of client-side data by the web application and...

Denial Of Service (DoS)

kernel is vulnerable to denial of service attacks. A user with root access is able to panic the system when issuing netfilter netflow commands...

kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50

A flaw was found in the Linux kernel netfilter implementation. A user with root CAPSYSADMIN access is able to panic the system when issuing netfilter netflow commands...

Zoho ManageEngine OpManager SQL Injection Vulnerability (CNVD-2021-88241)

ZOHO ManageEngine OpManager is an end-to-end integrated network management software that enables comprehensive, visual, unified and centralized monitoring and management of IT infrastructure, including network devices, servers, hosts, WAN links, applications and services, within an enterprise...

CVE-2021-41075

The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API...

CVE-2021-41075

The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API...