Zohocorp Security Vulnerabilities
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
9.8CVSS
9.8AI Score
0.05EPSS
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
9.8CVSS
9.4AI Score
0.004EPSS
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
9.8CVSS
9.3AI Score
0.006EPSS
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
9.8CVSS
9.7AI Score
0.012EPSS
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
8.8CVSS
8.6AI Score
0.001EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
9.8CVSS
9.8AI Score
0.012EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
5.3CVSS
5.3AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
9.8CVSS
9.7AI Score
0.008EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
9.8CVSS
9.4AI Score
0.002EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.7AI Score
0.014EPSS
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
9.8CVSS
9.8AI Score
0.014EPSS
9.8CVSS
9.3AI Score
0.006EPSS
8.8CVSS
8.7AI Score
0.001EPSS
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
8.8CVSS
8.7AI Score
0.001EPSS
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
8.8CVSS
8.7AI Score
0.001EPSS
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
9.8CVSS
9.4AI Score
0.084EPSS
6.1CVSS
6.2AI Score
0.001EPSS
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
9.8CVSS
9.8AI Score
0.006EPSS
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
6.1CVSS
5.8AI Score
0.001EPSS
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
9.8CVSS
9.8AI Score
0.046EPSS
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
9.8CVSS
9.8AI Score
0.023EPSS
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.
9.8CVSS
9.7AI Score
0.346EPSS
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.
9.8CVSS
9.8AI Score
0.346EPSS
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
9.8CVSS
9.8AI Score
0.033EPSS
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
7.5CVSS
7.6AI Score
0.027EPSS
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
7.5CVSS
7.6AI Score
0.027EPSS
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.
7.5CVSS
7.5AI Score
0.025EPSS
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
9.8CVSS
9.7AI Score
0.005EPSS
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
9.8CVSS
9.7AI Score
0.008EPSS
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
9.8CVSS
9.7AI Score
0.012EPSS
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
9.8CVSS
9.4AI Score
0.18EPSS
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege...
7.8CVSS
7.8AI Score
0.0004EPSS
Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.
7.8CVSS
7.7AI Score
0.0005EPSS
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
6.1CVSS
5.9AI Score
0.002EPSS
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
6.1CVSS
5.9AI Score
0.002EPSS
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
7.5CVSS
7.4AI Score
0.004EPSS
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
9.8CVSS
9.7AI Score
0.048EPSS
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
9.8CVSS
9.5AI Score
0.008EPSS