RSS   Vulnerabilities for
'Manageengine applications manager'
   RSS

2021-11-03
 
CVE-2020-24743

NVD-CWE-noinfo
 

 
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.

 
2021-10-21
 
CVE-2021-35512

CWE-918
 

 
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.

 
2021-07-01
 
CVE-2021-31813

CWE-79
 

 
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.

 
2021-02-05
 
CVE-2020-35765

CWE-89
 

 
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.

 
2021-01-19
 
CVE-2020-27733

CWE-89
 

 
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.

 
2020-10-29
 
CVE-2020-27995

CWE-89
 

 
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.

 
2020-10-08
 
CVE-2020-10816

CWE-287
 

 
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.

 
2020-10-06
 
CVE-2020-16267

CWE-89
 

 
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.

 
 
CVE-2020-15927

CWE-89
 

 
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.

 
2020-09-25
 
CVE-2020-15521

CWE-79
 

 
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .

 


Copyright 2024, cxsecurity.com

 

Back to Top