Manageengine_opmanager - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Manageengine_opmanager
(Zohocorp)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	55

Date	Id	Summary	Products	Score	Patch	Annotated
2022-08-10	CVE-2022-37024	Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.	Manageengine_firewall_analyzer, Manageengine_netflow_analyzer, Manageengine_network_configuration_manager, Manageengine_opmanager, Manageengine_opmanager_msp, Manageengine_opmanager_plus, Manageengine_oputils	8.8
2022-05-05	CVE-2022-29535	Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.	Manageengine_opmanager	9.8
2022-04-18	CVE-2022-27908	Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.	Manageengine_opmanager	8.8
2021-02-03	CVE-2020-28653	Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.	Manageengine_opmanager	9.8
2021-04-22	CVE-2021-3287	Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.	Manageengine_opmanager	9.8
2021-12-09	CVE-2021-44514	OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.	Manageengine_opmanager	9.8
2021-10-13	CVE-2021-41075	The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.	Manageengine_opmanager	9.8
2021-10-13	CVE-2021-40493	Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.	Manageengine_opmanager	9.8
2021-09-30	CVE-2021-41288	Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.	Manageengine_opmanager	9.8
2020-03-13	CVE-2020-10541	Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.	Manageengine_opmanager	9.8