CVE-2026-2740

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...

CVE-2021-40173

Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings...

CVE-2024-40542

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...

CVE-2024-6679

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

PT-2024-37797 · Unknown · Witmy My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus up to 2024-07-04 Description: A critical issue has been found, affecting some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to SQL injection. The attack may b...

Spoofing

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange...

CVE-2023-35785

CVE-2023-35785 is a TFA bypass vulnerability affecting Zoho ManageEngine Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager/Security Plus, Recovery Manager Plus, ...

ZOHO ManageEngine Cloud Security Plus 代码问题漏洞

ZOHO ManageEngine Cloud Security Plus is a log management and monitoring tool for public cloud platforms from ZOHO USA. A security vulnerability exists in ZOHO ManageEngine Cloud Security Plus Build 4117 that allows remote code execution via the updatePersonalizeSettings component...

CVE-2021-40173

Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings...

CVE-2021-40173

Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings...

Cross site request forgery (csrf)

Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings...

CVE-2021-40173

CVE-2021-40173 affects Zoho ManageEngine Cloud Security Plus prior to Build 4117 and enables a CSRF against server proxy settings. The CVE has a CVSS v3.1 base score of 8.8 (NETWORK, LOW ATTACK COMPLEXITY, NONE PRIVILEGES, UI REQUIRED, HIGH CONF/INT/AVAIL impacts). Release notes indicate the fix ...

CVE-2021-40173

Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings...

CVE-2020-24786

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build numbe...

Authentication flaw

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build numbe...

CVE-2020-24786

CVE-2020-24786 affects multiple ManageEngine products (Exchange Reporter Plus, AD360, ADSelfService Plus, DataSecurity Plus, RecoverManager Plus, EventLog Analyzer, ADAudit Plus, O365 Manager Plus, Cloud Security Plus, ADManager Plus, Log360) with a remotely accessible Java servlet (com.manageeng...

Zoho ManageEngine DataSecurity Plus DataEngine Xnode Server Application Path Traversal Vulnerability

Zoho ManageEngine DataSecurity Plus is a sensitive data management solution from Zoho USA. The product features data leakage prevention, data risk assessment and file server auditing. A path traversal vulnerability exists in the Zoho ManageEngine DataSecurity Plus DataEngine Xnode Server...

CompTIA Certification Training — Get Online Courses @ 95% OFF

The Information Technology industry has seen exponential growth over the years. It is essential for everyone to earn cybersecurity certification if you want to be a part of this growing industry. Organizations always prefer employees with strong internationally-recognized professional...