Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_opmanager
(Zohocorp)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 55 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-08-10 | CVE-2022-37024 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. | Manageengine_firewall_analyzer, Manageengine_netflow_analyzer, Manageengine_network_configuration_manager, Manageengine_opmanager, Manageengine_opmanager_msp, Manageengine_opmanager_plus, Manageengine_oputils | 8.8 | ||
2022-05-05 | CVE-2022-29535 | Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | Manageengine_opmanager | 9.8 | ||
2022-04-18 | CVE-2022-27908 | Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | Manageengine_opmanager | 8.8 | ||
2021-02-03 | CVE-2020-28653 | Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | Manageengine_opmanager | 9.8 | ||
2021-04-22 | CVE-2021-3287 | Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | Manageengine_opmanager | 9.8 | ||
2021-12-09 | CVE-2021-44514 | OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | Manageengine_opmanager | 9.8 | ||
2021-10-13 | CVE-2021-41075 | The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. | Manageengine_opmanager | 9.8 | ||
2021-10-13 | CVE-2021-40493 | Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. | Manageengine_opmanager | 9.8 | ||
2021-09-30 | CVE-2021-41288 | Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. | Manageengine_opmanager | 9.8 | ||
2020-03-13 | CVE-2020-10541 | Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108. | Manageengine_opmanager | 9.8 |