Zoho Corp ManageEngine Applications 15.1 15110

CPE Details

Zoho Corp ManageEngine Applications 15.1 15110
zohocorp
manageengine_applications_manager
15.1
2021-07-06
13h24 +00:00
2021-07-07
10h30 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:zohocorp:manageengine_applications_manager:15.1:15110:*:*:*:*:*:*

Informations

Vendor

zohocorp

Product

manageengine_applications_manager

Version

15.1

Update

15110

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-5678 2024-08-01 06h54 +00:00 Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
4.7
Medium
CVE-2023-38333 2023-08-10 00h00 +00:00 Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
6.1
Medium
CVE-2023-29442 2023-04-26 00h00 +00:00 Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
6.1
Medium
CVE-2023-28340 2023-04-11 00h00 +00:00 Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
6.5
Medium
CVE-2022-23050 2022-05-24 16h02 +00:00 ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
7.2
High
CVE-2021-31813 2021-07-01 09h58 +00:00 Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
5.4
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.