Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_remote_access_plus
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-30 | CVE-2021-41827 | Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive. | Manageengine_remote_access_plus | 7.5 | ||
| 2020-01-31 | CVE-2020-8422 | An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password). | Manageengine_remote_access_plus | 4.3 | ||
| 2021-02-03 | CVE-2019-16268 | Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen. | Manageengine_remote_access_plus | 4.8 | ||
| 2020-03-19 | CVE-2019-11361 | Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | Manageengine_remote_access_plus | N/A |