Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_applications_manager
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 52 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-04 | CVE-2020-14008 | Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. | Manageengine_applications_manager | 7.2 | ||
| 2020-09-25 | CVE-2020-15394 | The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. | Manageengine_applications_manager | 9.8 | ||
| 2020-09-25 | CVE-2020-15521 | Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) . | Manageengine_applications_manager | 6.1 | ||
| 2020-10-01 | CVE-2020-15533 | In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | Manageengine_applications_manager | 9.8 | ||
| 2020-10-06 | CVE-2020-16267 | Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | Manageengine_applications_manager | 8.8 | ||
| 2020-10-06 | CVE-2020-15927 | Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. | Manageengine_applications_manager | 8.8 | ||
| 2020-10-29 | CVE-2020-27995 | SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | Manageengine_applications_manager | 9.8 | ||
| 2021-01-19 | CVE-2020-27733 | Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | Manageengine_applications_manager | 8.8 | ||
| 2021-02-05 | CVE-2020-35765 | doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | Manageengine_applications_manager | 8.8 | ||
| 2021-07-01 | CVE-2021-31813 | Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | Manageengine_applications_manager | 5.4 |