RSS   Podatności dla 'Manageengine opmanager'   RSS

2022-04-18
 
CVE-2022-27908

CWE-89
 

 
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.

 
2021-12-09
 
CVE-2021-44514

CWE-287
 

 
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.

 
2021-10-13
 
CVE-2021-40493

CWE-89
 

 
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.

 
 
CVE-2021-41075

CWE-89
 

 
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.

 
2021-09-30
 
CVE-2021-41288

CWE-89
 

 
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.

 
2021-04-22
 
CVE-2021-3287

CWE-502
 

 
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.

 
2021-04-01
 
CVE-2021-20078

CWE-22
 

 
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.

 
2021-02-03
 
CVE-2020-28653

NVD-CWE-noinfo
 

 
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

 
2020-06-04
 
CVE-2020-13818

CWE-22
 

 
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.

 
2020-05-07
 
CVE-2020-12116

CWE-200
 

 
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.

 


Copyright 2024, cxsecurity.com

 

Back to Top