Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_opmanager
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 56 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-04-22 | CVE-2021-3287 | Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | Manageengine_opmanager | 9.8 | ||
| 2021-09-30 | CVE-2021-41288 | Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. | Manageengine_opmanager | 9.8 | ||
| 2021-10-13 | CVE-2021-40493 | Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. | Manageengine_opmanager | 9.8 | ||
| 2021-10-13 | CVE-2021-41075 | The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. | Manageengine_opmanager | 9.8 | ||
| 2021-12-09 | CVE-2021-44514 | OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | Manageengine_opmanager | 9.8 | ||
| 2022-04-18 | CVE-2022-27908 | Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | Manageengine_opmanager | 8.8 | ||
| 2022-05-05 | CVE-2022-29535 | Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | Manageengine_opmanager | 9.8 | ||
| 2022-07-18 | CVE-2022-35404 | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | Manageengine_firewall_analyzer, Manageengine_netflow_analyzer, Manageengine_network_configuration_manager, Manageengine_opmanager | 8.2 | ||
| 2022-08-10 | CVE-2022-36923 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. | Manageengine_firewall_analyzer, Manageengine_netflow_analyzer, Manageengine_network_configuration_manager, Manageengine_opmanager, Manageengine_opmanager_msp, Manageengine_opmanager_plus, Manageengine_oputils | 7.5 | ||
| 2022-08-10 | CVE-2022-37024 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. | Manageengine_firewall_analyzer, Manageengine_netflow_analyzer, Manageengine_network_configuration_manager, Manageengine_opmanager, Manageengine_opmanager_msp, Manageengine_opmanager_plus, Manageengine_oputils | 8.8 |