Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Zohocorp Subscribe
Filtered by product Manageengine Adaudit Plus

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28219 1 Zohocorp 1 Manageengine Adaudit Plus 2022-07-02 7.5 HIGH 9.8 CRITICAL
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
CVE-2021-42847 1 Zohocorp 1 Manageengine Adaudit Plus 2022-04-27 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
CVE-2020-11532 1 Zohocorp 2 Manageengine Adaudit Plus, Manageengine Datasecurity Plus 2021-07-21 10.0 HIGH 9.8 CRITICAL
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.
CVE-2020-24786 1 Zohocorp 11 Manageengine Ad360, Manageengine Adaudit Plus, Manageengine Admanager Plus and 8 more 2020-09-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
CVE-2018-10466 1 Zohocorp 1 Manageengine Adaudit Plus 2018-07-13 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.