Manageengine_opmanager - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Manageengine_opmanager
(Zohocorp)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	56

Date	Id	Summary	Products	Score	Patch	Annotated
2024-08-23	CVE-2024-5466	Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.	Manageengine_opmanager, Manageengine_opmanager_msp, Manageengine_opmanager_plus, Manageengine_remote_monitoring_and_management_central	8.8
2020-06-04	CVE-2020-13818	In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.	Manageengine_opmanager	7.5
2021-02-03	CVE-2020-28653	Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.	Manageengine_opmanager	9.8
2021-04-01	CVE-2021-20078	Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.	Manageengine_opmanager	9.1
2021-04-22	CVE-2021-3287	Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.	Manageengine_opmanager	9.8
2021-09-30	CVE-2021-41288	Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.	Manageengine_opmanager	9.8
2021-10-13	CVE-2021-40493	Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.	Manageengine_opmanager	9.8
2021-10-13	CVE-2021-41075	The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.	Manageengine_opmanager	9.8
2021-12-09	CVE-2021-44514	OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.	Manageengine_opmanager	9.8
2022-04-18	CVE-2022-27908	Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.	Manageengine_opmanager	8.8