Zoho Corp ManageEngine Applications Manager 14.7

CPE Details

Zoho Corp ManageEngine Applications Manager 14.7
zohocorp
manageengine_applications_manager
14.7
2020-10-06
15h29 +00:00
2020-10-06
15h29 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:zohocorp:manageengine_applications_manager:14.7:-:*:*:*:*:*:*

Informations

Vendor

zohocorp

Product

manageengine_applications_manager

Version

14.7

Update

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-5678 2024-08-01 06h54 +00:00 Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
4.7
Moyen
CVE-2023-38333 2023-08-10 00h00 +00:00 Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
6.1
Moyen
CVE-2023-29442 2023-04-26 00h00 +00:00 Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
6.1
Moyen
CVE-2023-28340 2023-04-11 00h00 +00:00 Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
6.5
Moyen
CVE-2021-31813 2021-07-01 09h58 +00:00 Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
5.4
Moyen
CVE-2020-35765 2021-02-05 07h55 +00:00 doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
8.8
Haute
CVE-2020-10816 2020-10-08 14h50 +00:00 Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.
7.5
Haute
CVE-2020-16267 2020-10-06 17h02 +00:00 Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.
8.8
Haute
CVE-2020-15927 2020-10-06 16h56 +00:00 Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.
8.8
Haute
CVE-2020-15533 2020-10-01 16h44 +00:00 In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
9.8
Critique
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.