Product:

Manageengine_assetexplorer

(Zohocorp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 26
Date Id Summary Products Score Patch Annotated
2022-11-23 CVE-2022-40771 Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 4.9
2023-01-18 CVE-2022-47966 Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081,... Manageengine_access_manager_plus, Manageengine_ad360, Manageengine_adaudit_plus, Manageengine_admanager_plus, Manageengine_adselfservice_plus, Manageengine_analytics_plus, Manageengine_application_control_plus, Manageengine_assetexplorer, Manageengine_browser_security_plus, Manageengine_device_control_plus, Manageengine_endpoint_dlp_plus, Manageengine_key_manager_plus, Manageengine_os_deployer, Manageengine_pam360, Manageengine_password_manager_pro, Manageengine_patch_manager_plus, Manageengine_remote_access_plus, Manageengine_remote_monitoring_and_management_central, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus, Manageengine_vulnerability_manager_plus 9.8
2023-02-01 CVE-2023-23075 Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. Manageengine_assetexplorer 6.1
2023-03-06 CVE-2023-26600 ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 6.5
2023-03-06 CVE-2023-26601 Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 7.5
2023-04-26 CVE-2023-29443 Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 4.9
2023-08-28 CVE-2023-35785 Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk... Manageengine_ad360, Manageengine_adaudit_plus, Manageengine_admanager_plus, Manageengine_assetexplorer, Manageengine_cloud_security_plus, Manageengine_datasecurity_plus, Manageengine_eventlog_analyzer, Manageengine_exchange_reporter_plus, Manageengine_log360, Manageengine_log360_ueba, Manageengine_m365_manager_plus, Manageengine_m365_security_plus, Manageengine_recoverymanager_plus, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_sharepoint_manager_plus, Manageengine_supportcenter_plus 8.1
2023-11-15 CVE-2023-6105 An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. Manageengine_access_manager_plus, Manageengine_adaudit_plus, Manageengine_admanager_plus, Manageengine_adselfservice_plus, Manageengine_analytics_plus, Manageengine_appcreator, Manageengine_application_control_plus, Manageengine_assetexplorer, Manageengine_browser_security_plus, Manageengine_cloud_security_plus, Manageengine_datasecurity_plus, Manageengine_device_control_plus, Manageengine_endpoint_central, Manageengine_endpoint_central_msp, Manageengine_endpoint_dlp_plus, Manageengine_exchange_reporter_plus, Manageengine_firewall_analyzer, Manageengine_log360_ueba, Manageengine_m365_manager_plus, Manageengine_m365_security_plus, Manageengine_mobile_device_manager_plus, Manageengine_netflow_analyzer, Manageengine_network_configuration_manager, Manageengine_opmanager, Manageengine_oputils, Manageengine_os_deployer, Manageengine_pam360, Manageengine_password_manager_pro, Manageengine_patch_connect_plus, Manageengine_patch_manager_plus, Manageengine_recoverymanager_plus, Manageengine_remote_access_plus, Manageengine_remote_monitoring_and_management, Manageengine_secure_gateway_server, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_sharepoint_manager_plus, Manageengine_supportcenter_plus, Manageengine_vulnerability_manager_plus 5.5
2019-07-11 CVE-2019-12537 An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. Manageengine_assetexplorer 6.1
2019-07-11 CVE-2019-12595 An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. Manageengine_assetexplorer 6.1