Vulnerabilities for 'Manageengine applications manager'

2021-07-01
 
CVE-2021-31813

CWE-79
 

 
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.

 
2021-02-05
 
CVE-2020-35765

CWE-89
 

 
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.

 
2021-01-19
 
CVE-2020-27733

CWE-89
 

 
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.

 
2020-10-29
 
CVE-2020-27995

CWE-89
 

 
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.

 
2020-10-08
 
CVE-2020-10816

CWE-287
 

 
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.

 
2020-10-06
 
CVE-2020-16267

CWE-89
 

 
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.

 
 
CVE-2020-15927

CWE-89
 

 
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.

 
2020-09-25
 
CVE-2020-15521

CWE-79
 

 
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS).

 
 
CVE-2020-15394

CWE-89
 

 
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.

 
2020-03-13
 
CVE-2019-19799

CWE-200
 

 
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license-related information via WieldFeedServlet servlet.

 


Copyright 2021, cxsecurity.com

 
