Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_applications_manager
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 49 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-10 | CVE-2023-38333 | Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | Manageengine_applications_manager | 6.1 | ||
| 2022-05-24 | CVE-2022-23050 | ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | Manageengine_applications_manager | 7.2 | ||
| 2023-04-26 | CVE-2023-29442 | Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | Manageengine_applications_manager | 6.1 | ||
| 2023-04-11 | CVE-2023-28340 | Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | Manageengine_applications_manager | 6.5 | ||
| 2023-04-11 | CVE-2023-28341 | Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. | Manageengine_applications_manager | 6.1 | ||
| 2019-12-11 | CVE-2019-19649 | Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | Manageengine_applications_manager | 9.8 | ||
| 2020-01-10 | CVE-2019-19475 | An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. | Manageengine_applications_manager | 8.8 | ||
| 2019-12-11 | CVE-2019-19650 | Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | Manageengine_applications_manager | 8.8 | ||
| 2021-01-19 | CVE-2020-27733 | Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | Manageengine_applications_manager | 8.8 | ||
| 2020-03-13 | CVE-2019-19799 | Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | Manageengine_applications_manager | 5.3 |