Vulnerabilities for 'Manageengine remote access plus'

2021-09-30
 
CVE-2021-41827

CWE-798
 

 
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.

 
 
CVE-2021-41828

CWE-798
 

 
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.

 
 
CVE-2021-41829

CWE-326
 

 
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.

 
2021-02-03
 
CVE-2019-16268

CWE-74
 

 
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.

 
2020-03-19
 
CVE-2019-11361

CWE-269
 

 
Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover.

 
2020-02-17
 
CVE-2019-20474

CWE-918
 

 
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF.

 
2020-01-31
 
CVE-2020-8422

CWE-522
 

 
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).

 



Copyright 2021, cxsecurity.com

 
