CVEdetails.com the ultimate security vulnerability data source

Zohocorp : Security Vulnerabilities Published In 2021

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-44676 668 2021-12-20 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
2 CVE-2021-44675 287 Exec Code Bypass 2021-12-20 2022-01-03
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
3 CVE-2021-44526 287 Bypass 2021-12-23 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
4 CVE-2021-44525 668 Bypass 2021-12-20 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
5 CVE-2021-44515 287 Exec Code Bypass 2021-12-12 2021-12-16
10.0
None Remote Low Not required Complete Complete Complete
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
6 CVE-2021-44514 287 2021-12-09 2021-12-15
7.5
None Remote Low Not required Partial Partial Partial
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
7 CVE-2021-44077 287 Exec Code 2021-11-29 2021-12-28
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
8 CVE-2021-43319 77 2021-11-30 2021-12-03
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
9 CVE-2021-43296 918 2021-11-30 2021-12-02
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
10 CVE-2021-43295 79 XSS 2021-11-30 2021-12-02
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
11 CVE-2021-43294 79 XSS 2021-11-30 2021-12-02
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
12 CVE-2021-42847 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
13 CVE-2021-42099 434 Exec Code 2021-11-30 2021-12-06
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
14 CVE-2021-42002 863 Exec Code Bypass 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
15 CVE-2021-41833 434 Exec Code 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
16 CVE-2021-41829 326 2021-09-30 2021-10-05
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.
17 CVE-2021-41828 798 2021-09-30 2021-10-05
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
18 CVE-2021-41827 798 2021-09-30 2021-10-05
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
19 CVE-2021-41288 89 Sql 2021-09-30 2021-10-07
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
20 CVE-2021-41081 89 Sql 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.
21 CVE-2021-41080 89 Sql 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.
22 CVE-2021-41075 89 Sql 2021-10-13 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API.
23 CVE-2021-40539 287 Exec Code Bypass 2021-09-07 2021-11-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
24 CVE-2021-40493 89 Sql 2021-10-13 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
25 CVE-2021-40178 79 XSS 2021-08-29 2021-09-01
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
26 CVE-2021-40177 Exec Code 2021-08-29 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
27 CVE-2021-40176 79 XSS 2021-08-29 2021-09-01
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
28 CVE-2021-40175 434 Exec Code 2021-08-29 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
29 CVE-2021-40174 352 CSRF 2021-08-29 2021-09-01
6.8
None Remote Medium Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
30 CVE-2021-40173 352 CSRF 2021-08-29 2021-09-01
6.8
None Remote Medium Not required Partial Partial Partial
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
31 CVE-2021-40172 352 CSRF 2021-08-29 2021-09-01
6.8
None Remote Medium Not required Partial Partial Partial
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
32 CVE-2021-38298 611 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
33 CVE-2021-37931 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
34 CVE-2021-37930 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
35 CVE-2021-37929 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
36 CVE-2021-37928 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
37 CVE-2021-37927 287 2021-09-22 2022-01-10
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
38 CVE-2021-37926 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
39 CVE-2021-37925 78 2021-09-22 2021-09-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
40 CVE-2021-37924 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
41 CVE-2021-37923 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
42 CVE-2021-37922 22 Dir. Trav. 2021-10-07 2021-10-15
5.0
None Remote Low Not required None Partial None
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
43 CVE-2021-37921 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
44 CVE-2021-37920 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
45 CVE-2021-37919 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
46 CVE-2021-37918 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
47 CVE-2021-37762 434 Exec Code 2021-10-07 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
48 CVE-2021-37761 434 Exec Code 2021-09-27 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
49 CVE-2021-37741 287 2021-09-21 2021-10-01
6.5
None Remote Low ??? Partial Partial Partial
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
50 CVE-2021-37539 434 Exec Code 2021-09-27 2021-10-01
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
Total number of vulnerabilities: 99 (page 1 of 2)