Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_assetexplorer
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-12 | CVE-2022-35403 | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) | Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 7.5 | ||
| 2023-02-01 | CVE-2023-23075 | Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | Manageengine_assetexplorer | 6.1 | ||
| 2023-03-06 | CVE-2023-26601 | Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 7.5 | ||
| 2023-08-28 | CVE-2023-35785 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk... | Manageengine_ad360, Manageengine_adaudit_plus, Manageengine_admanager_plus, Manageengine_assetexplorer, Manageengine_cloud_security_plus, Manageengine_datasecurity_plus, Manageengine_eventlog_analyzer, Manageengine_exchange_reporter_plus, Manageengine_log360, Manageengine_log360_ueba, Manageengine_m365_manager_plus, Manageengine_m365_security_plus, Manageengine_recoverymanager_plus, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_sharepoint_manager_plus, Manageengine_supportcenter_plus | 8.1 | ||
| 2019-07-11 | CVE-2019-12537 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. | Manageengine_assetexplorer | 6.1 | ||
| 2019-07-11 | CVE-2019-12595 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. | Manageengine_assetexplorer | 6.1 | ||
| 2019-07-11 | CVE-2019-12596 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType. | Manageengine_assetexplorer | 6.1 | ||
| 2019-07-11 | CVE-2019-12597 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName. | Manageengine_assetexplorer | 6.1 | ||
| 2020-03-23 | CVE-2019-19034 | Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges. | Manageengine_assetexplorer | 7.2 | ||
| 2019-08-08 | CVE-2019-14693 | Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | Manageengine_assetexplorer | 8.1 |