Vulnerabilities for Manageengine applications manager (...) - CXSECURITY.COM

Vulnerabilities for
'Manageengine applications manager'

2021-11-03

CVE-2020-24743

NVD-CWE-noinfo

An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.

2021-10-21

CVE-2021-35512

CWE-918

An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.

2021-07-01

CVE-2021-31813

CWE-79

Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.

2021-02-05

CVE-2020-35765

CWE-89

doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.

2021-01-19

CVE-2020-27733

CWE-89

Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.

2020-10-29

CVE-2020-27995

CWE-89

SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.

2020-10-08

CVE-2020-10816

CWE-287

Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.

2020-10-06

CVE-2020-16267

CWE-89

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.

CVE-2020-15927

CWE-89

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.

2020-09-25

CVE-2020-15521

CWE-79

Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .

Copyright 2024, cxsecurity.com