8 matches found
CVE-2022-36923
CVE-2022-36923 affects Zoho ManageEngine products (OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils) with an authentication bypass that allows an unauthenticated attacker to retrieve a user’s API key and use external APIs. T...
CVE-2019-12133
CVE-2019-12133 affects multiple Zoho ManageEngine products (Desktop Central, EventLog Analyzer, ServiceDesk Plus, SupportCenter Plus, O365 Manager Plus, Mobile Device Manager Plus, Patch Connect Plus, Vulnerability Manager Plus, Patch Manager Plus, OpManager, NetFlow Analyzer, OpUtils, Network Co...
CVE-2023-47211
ManageEngine OpManager 12.7.258 is affected by a directory traversal vulnerability in the uploadMib function. An attacker can send a crafted MiB file via HTTP (via the MiB Browser upload path) and cause arbitrary file creation by manipulating destination file naming (orgMibName) without sufficien...
CVE-2018-12998
Zoho ManageEngine CVE-2018-12998 is a reflected XSS in multiple products (Netflow Analyzer before build 123137, Network Configuration Manager before 123128, OpManager before 123148, OpUtils before 123161, Firewall Analyzer before 123147) exploitable via the operation parameter to /servlet/com.adv...
CVE-2022-37024
Summary (CVE-2022-37024) : Multiple Zoho ManageEngine products (OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, OpUtils) prior to 2022-07-29 are affected by a remote code execution flaw. The root cause is insufficient input validation in the getDNSResolv...
CVE-2023-6105
Technical details about CVE-2023-6105 are not publicly provided in the supplied documents; monitor for updates.
CVE-2022-38772
Summary: CVE-2022-38772 affects Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils. The issue is a command injection in the getNmapInitialOption function that allows authenticated users to perform database changes leading to re...
CVE-2018-12997
CVE-2018-12997 affects Zoho ManageEngine products: NetFlow Analyzer, Network Configuration Manager, OpManager, OpUtils, and Firewall Analyzer. The underlying issue is an Incorrect Access Control in FailOverHelperServlet, allowing unauthenticated attackers to read arbitrary server files by sending...