Zohocorp Manageengine Admanager Plus vulnerabilities

CVE-2021-38298 [CRITICAL] CWE-611 CVE-2021-38298: Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.

CVE-2021-37931 [CRITICAL] CWE-434 CVE-2021-37931: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37921 [CRITICAL] CWE-434 CVE-2021-37921: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37926 [CRITICAL] CWE-434 CVE-2021-37926: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37919 [CRITICAL] CWE-434 CVE-2021-37919: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37924 [CRITICAL] CWE-434 CVE-2021-37924: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37920 [CRITICAL] CWE-434 CVE-2021-37920: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37930 [CRITICAL] CWE-434 CVE-2021-37930: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37929 [CRITICAL] CWE-434 CVE-2021-37929: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37928 [CRITICAL] CWE-434 CVE-2021-37928: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37918 [CRITICAL] CWE-434 CVE-2021-37918: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37923 [CRITICAL] CWE-434 CVE-2021-37923: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

CVE-2021-37762 [CRITICAL] CWE-434 CVE-2021-37762: Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading t Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.

CVE-2021-37922 [MEDIUM] CWE-22 CVE-2021-37922: Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.

CVE-2021-37539 [CRITICAL] CWE-434 CVE-2021-37539: Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remot Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.

CVE-2021-37761 [CRITICAL] CWE-434 CVE-2021-37761: Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, l Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.

CVE-2021-37925 [CRITICAL] CWE-78 CVE-2021-37925: Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnera Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.

CVE-2021-37927 [CRITICAL] CWE-347 CVE-2021-37927: Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.

CVE-2021-37424 [CRITICAL] CVE-2021-37424: ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.

CVE-2021-37419 [HIGH] CWE-918 CVE-2021-37419: Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.