Zohocorp Manageengine O365 Manager Plus vulnerabilities
3 known vulnerabilities affecting zohocorp/manageengine_o365_manager_plus.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2021-44652HIGHCVSS 7.8fixed in 4.4v4.42022-01-12
CVE-2021-44652 [HIGH] CVE-2021-44652: Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file over
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.
nvd
CVE-2020-24786CRITICALCVSS 9.8≤ 4.2v4.32020-08-31
CVE-2020-24786 [CRITICAL] CWE-287 CVE-2020-24786: An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365
nvd
CVE-2019-12133HIGHCVSS 7.8v4.02019-06-18
CVE-2019-12133 [HIGH] CWE-427 CVE-2019-12133: Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissio
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged use
nvd