Check CVE Id
Check CWE Id
'Manageengine remote access plus'
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover.
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF.
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
Manageengine adselfservice plus
Manageengine admanager plus
Manageengine eventlog analyzer
Manageengine desktop central
Manageengine netflow analyzer
Manageengine it plus
Manageengine social it plus
Manageengine supportcenter plus
Manageengine password manager pro
Password manager pro
Manageengine firewall analyzer
Site24x7 mobile network poller
Manageengine applications manager
Manageengine recovery manager plus
Manageengine servicedesk plus
Network configuration manager
Manageengine analytics plus
Manageengine browser security plus
Manageengine key manager plus
Manageengine mobile device manager plus
Manageengine network configuration manager
Manageengine o365 manager plus
Manageengine patch connect plus
Manageengine patch manager plus
Manageengine vulnerability manager plus
Manageengine desktop central managed service providers
Manageengine remote access plus
Manageengine adaudit plus
Manageengine datasecurity plus
Manageengine applications control plus
Manageengine servicedesk plus msp
Manageengine cloud security plus
Back to Top