Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Zohocorp Subscribe
Filtered by product Manageengine Remote Access Plus

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6105 3 Linux, Microsoft, Zohocorp 41 Linux Kernel, Windows, Manageengine Access Manager Plus and 38 more 2023-12-28 N/A 5.5 MEDIUM
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
CVE-2022-26777 1 Zohocorp 1 Manageengine Remote Access Plus 2023-08-08 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
CVE-2022-26653 1 Zohocorp 1 Manageengine Remote Access Plus 2023-08-08 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).
CVE-2019-20474 1 Zohocorp 1 Manageengine Remote Access Plus 2022-01-01 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF.
CVE-2019-16268 1 Zohocorp 1 Manageengine Remote Access Plus 2021-07-21 3.5 LOW 4.8 MEDIUM
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
CVE-2020-8422 1 Zohocorp 1 Manageengine Remote Access Plus 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).