Zoho Corp ManageEngine Applications 14.3 Build14350

CPE Details

Zoho Corp ManageEngine Applications 14.3 Build14350
zohocorp
manageengine_applications_manager
14.3
2022-01-18
17h23 +00:00
2022-01-18
19h02 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:zohocorp:manageengine_applications_manager:14.3:build14350:*:*:*:*:*:*

Informations

Vendor

zohocorp

Product

manageengine_applications_manager

Version

14.3

Update

build14350

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-5678 2024-08-01 06h54 +00:00 Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
4.7
Moyen
CVE-2023-38333 2023-08-10 00h00 +00:00 Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
6.1
Moyen
CVE-2023-29442 2023-04-26 00h00 +00:00 Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
6.1
Moyen
CVE-2023-28340 2023-04-11 00h00 +00:00 Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
6.5
Moyen
CVE-2020-28679 2022-01-10 16h47 +00:00 A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
8.8
Haute
CVE-2020-24743 2021-11-03 15h07 +00:00 An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
9.8
Critique
CVE-2021-31813 2021-07-01 09h58 +00:00 Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
5.4
Moyen
CVE-2020-35765 2021-02-05 07h55 +00:00 doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
8.8
Haute
CVE-2020-15533 2020-10-01 16h44 +00:00 In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
9.8
Critique
CVE-2019-19799 2020-03-13 15h18 +00:00 Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.
5.3
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.