Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_applications_manager
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 52 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-05 | CVE-2020-35765 | doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | Manageengine_applications_manager | 8.8 | ||
| 2021-07-01 | CVE-2021-31813 | Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | Manageengine_applications_manager | 5.4 | ||
| 2021-10-21 | CVE-2021-35512 | An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | Manageengine_applications_manager | 6.5 | ||
| 2021-11-03 | CVE-2020-24743 | An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | Manageengine_applications_manager | 9.8 | ||
| 2022-01-10 | CVE-2020-28679 | A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | Manageengine_applications_manager | 8.8 | ||
| 2022-05-24 | CVE-2022-23050 | ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | Manageengine_applications_manager | 7.2 | ||
| 2024-08-01 | CVE-2024-5678 | Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. | Manageengine_applications_manager | 4.7 | ||
| 2019-12-11 | CVE-2019-19649 | Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | Manageengine_applications_manager | 9.8 | ||
| 2020-01-10 | CVE-2019-19475 | An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. | Manageengine_applications_manager | 8.8 | ||
| 2019-12-11 | CVE-2019-19650 | Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | Manageengine_applications_manager | 8.8 |