cvebase

Zohocorp Manageengine Desktop Central vulnerabilities

47 known vulnerabilities affecting zohocorp/manageengine_desktop_central.

Total CVEs: 47
CISA KEV: 2 (actively exploited)
Public exploits: 10
Exploited in wild: 2
Severity breakdown: CRITICAL 18, HIGH 18, MEDIUM 11

Vulnerabilities

Page 3 of 3
CVE-2020-9367 | P3 | HIGH | CVSS 7.8 | v10.0.486 | 2021-03-18
CWE-427: The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, l
nvd
CVE-2021-46166 | P4 | MEDIUM | CVSS 6.5 | fixed in 10.0.662 | 2022-01-10
CWE-200: Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.
nvd
CVE-2023-4768 | P4 | MEDIUM | CVSS 6.1 | v9.1.0 | 2023-11-03
CWE-93: A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.
nvd
CVE-2023-4767 | P4 | MEDIUM | CVSS 6.1 | v9.1.0 | 2023-11-03
CWE-93: A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.
nvd
CVE-2019-15510 | P4 | MEDIUM | CVSS 6.1 | v10.0 | 2020-03-23
CWE-79: ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role.
nvd
CVE-2019-16962 | P4 | MEDIUM | CVSS 5.4 | v10.0.430 | 2021-01-06
CWE-79: Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
nvd
CVE-2018-8722 | P4 | MEDIUM | CVSS 6.1 | v9.1.0 | 2018-03-15
CWE-79: Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.
nvd