cvebase

Zohocorp ManageEngine ADManager Plus vulnerabilities

53 known vulnerabilities affecting zohocorp/manageengine_admanager_plus.

Total CVEs: 53
CISA KEV: 1 (actively exploited)
Public exploits: 8
Exploited in wild: 2
Severity breakdown: CRITICAL 22, HIGH 15, MEDIUM 16

Vulnerabilities

Page 1 of 3
CVE-2022-47966 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | Ransomware | fixed in 7.1 | v7.1 | 2023-01-18
CVE-2022-47966 [CRITICAL] CWE-20: Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications
nvd
CVE-2023-38743 | P2 | HIGH | CVSS 7.2 | Exploited | PoC | fixed in 7.2 | 2023-09-11
CVE-2023-38743 [HIGH]: Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
nvd
CVE-2023-29084 | P2 | HIGH | CVSS 7.2 | PoC | fixed in 7.1 | v7.1 | 2023-04-13
CVE-2023-29084 [HIGH] CWE-77: Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.
nvd
CVE-2021-37926 | P1 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37926 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-37918 | P1 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37918 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-37539 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-09-27
CVE-2021-37539 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
nvd
CVE-2024-24409 | P2 | HIGH | CVSS 8.8 | PoC | v6.1 | v6.2 | +6 more | 2024-11-08
CVE-2024-24409 [HIGH] CWE-269: Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
nvd
CVE-2022-29457 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 7.1 | v7.1 | 2022-04-18
CVE-2022-29457 [HIGH] CWE-522: Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
nvd
CVE-2021-20130 | P2 | HIGH | CVSS 8.8 | fixed in 7.1 | v7.1 | 2021-10-13
CVE-2021-20130 [HIGH] CWE-434: ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
nvd
CVE-2021-37925 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-09-22
CVE-2021-37925 [CRITICAL] CWE-78: Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
nvd
CVE-2021-37921 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37921 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-37919 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37919 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-37924 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37924 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-37920 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37920 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-37923 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37923 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-37931 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37931 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-37930 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37930 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-37929 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37929 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-37928 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37928 [CRITICAL] CWE-434: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
nvd
CVE-2021-20131 | P2 | HIGH | CVSS 8.8 | fixed in 7.1 | v7.1 | 2021-10-13
CVE-2021-20131 [HIGH] CWE-434: ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.
nvd