Vulnerabilities for 'Manageengine opmanager'

2021-10-13
 
CVE-2021-40493

CWE-89
 

 
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.

 
 
CVE-2021-41075

CWE-89
 

 
The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API.

 
2021-09-30
 
CVE-2021-41288

CWE-89
 

 
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.

 
2021-04-22
 
CVE-2021-3287

CWE-502
 

 
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.

 
2021-04-01
 
CVE-2021-20078

CWE-22
 

 
ManageEngine OpManager builds below 125346 are vulnerable to a remote denial of service due to a path traversal issue in the spark gateway component. This allows a remote attacker to delete any directory or directories on the OS.

 
2021-02-03
 
CVE-2020-28653

NVD-CWE-noinfo
 

 
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

 
2020-06-04
 
CVE-2020-13818

CWE-22
 

 
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.

 
2020-05-07
 
CVE-2020-12116

CWE-200
 

 
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.

 
2020-04-20
 
CVE-2020-11946

CWE-200
 

 
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.

 
2020-04-04
 
CVE-2020-11527

CWE-200
 

 
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.

 


Copyright 2021, cxsecurity.com

 
