Zoho Corp ManageEngine Applications 14.7 Build14783

CPE Details

Zoho Corp ManageEngine Applications 14.7 Build14783
zohocorp
manageengine_applications_manager
14.7
2020-10-13
11h26 +00:00
2020-10-13
11h26 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:build14783:*:*:*:*:*:*

Informations

Vendor

zohocorp

Product

manageengine_applications_manager

Version

14.7

Update

build14783

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-5678 2024-08-01 06h54 +00:00 Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
4.7
Medium
CVE-2023-38333 2023-08-10 00h00 +00:00 Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
6.1
Medium
CVE-2023-29442 2023-04-26 00h00 +00:00 Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
6.1
Medium
CVE-2023-28340 2023-04-11 00h00 +00:00 Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
6.5
Medium
CVE-2021-31813 2021-07-01 09h58 +00:00 Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
5.4
Medium
CVE-2020-35765 2021-02-05 07h55 +00:00 doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
8.8
High
CVE-2020-16267 2020-10-06 17h02 +00:00 Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.
8.8
High
CVE-2020-15927 2020-10-06 16h56 +00:00 Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.