Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_applications_manager
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 52 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-29 | CVE-2020-27995 | SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | Manageengine_applications_manager | 9.8 | ||
| 2021-01-19 | CVE-2020-27733 | Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | Manageengine_applications_manager | 8.8 | ||
| 2021-02-05 | CVE-2020-35765 | doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | Manageengine_applications_manager | 8.8 | ||
| 2021-07-01 | CVE-2021-31813 | Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | Manageengine_applications_manager | 5.4 | ||
| 2021-10-21 | CVE-2021-35512 | An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | Manageengine_applications_manager | 6.5 | ||
| 2021-11-03 | CVE-2020-24743 | An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | Manageengine_applications_manager | 9.8 | ||
| 2022-01-10 | CVE-2020-28679 | A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | Manageengine_applications_manager | 8.8 | ||
| 2022-05-24 | CVE-2022-23050 | ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | Manageengine_applications_manager | 7.2 | ||
| 2024-08-01 | CVE-2024-5678 | Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. | Manageengine_applications_manager | 4.7 | ||
| 2019-12-11 | CVE-2019-19649 | Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | Manageengine_applications_manager | 9.8 |