Produkt Manageengine opmanager (...) - CVEMAP.ORG

Podatności dla 'Manageengine opmanager'

2022-04-18

CVE-2022-27908

CWE-89

Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.

2021-12-09

CVE-2021-44514

CWE-287

OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.

2021-10-13

CVE-2021-40493

CWE-89

Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.

CVE-2021-41075

CWE-89

The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.

2021-09-30

CVE-2021-41288

CWE-89

Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.

2021-04-22

CVE-2021-3287

CWE-502

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.

2021-04-01

CVE-2021-20078

CWE-22

Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.

2021-02-03

CVE-2020-28653

NVD-CWE-noinfo

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

2020-06-04

CVE-2020-13818

CWE-22

In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.

2020-05-07

CVE-2020-12116

CWE-200

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.

Copyright 2024, cxsecurity.com