Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-20130

Summary
Assigner-tenable
Assigner Org ID-5ac1ecc2-367a-4d16-a0b2-35d495ddd0be
Published At-13 Oct, 2021 | 17:30
Updated At-03 Aug, 2024 | 17:30
Rejected At-
Credits

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:tenable
Assigner Org ID:5ac1ecc2-367a-4d16-a0b2-35d495ddd0be
Published At:13 Oct, 2021 | 17:30
Updated At:03 Aug, 2024 | 17:30
Rejected At:
▼CVE Numbering Authority (CNA)

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.

Affected Products
Vendor
n/a
Product
ManageEngine ADManager Plus Build 7111
Versions
Affected
  • ManageEngine ADManager Plus Build 7111
Problem Types
TypeCWE IDDescription
textN/AArbitrary Code Execution
Type: text
CWE ID: N/A
Description: Arbitrary Code Execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.tenable.com/security/research/tra-2021-43
x_refsource_MISC
Hyperlink: https://www.tenable.com/security/research/tra-2021-43
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.tenable.com/security/research/tra-2021-43
x_refsource_MISC
x_transferred
Hyperlink: https://www.tenable.com/security/research/tra-2021-43
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vulnreport@tenable.com
Published At:13 Oct, 2021 | 18:15
Updated At:19 Oct, 2021 | 19:07

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_admanager_plus>>Versions before 7.1(exclusive)
cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_admanager_plus>>7.1
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_admanager_plus>>7.1
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_admanager_plus>>7.1
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_admanager_plus>>7.1
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_admanager_plus>>7.1
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarynvd@nist.gov
CWE ID: CWE-434
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.tenable.com/security/research/tra-2021-43vulnreport@tenable.com
Vendor Advisory
Hyperlink: https://www.tenable.com/security/research/tra-2021-43
Source: vulnreport@tenable.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1482Records found
CVE-2022-41978
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-2.97% / 85.50%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 15:46
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zoho CRM Lead Magnet plugin <= 1.7.5.8 - Auth. Arbitrary Options Update vulnerability

Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.
Product-zoho_crm_lead_magnetZoho CRM Lead Magnet (WordPress plugin)
CWE ID-CWE-264
Not Available
CVE-2022-40773
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-4.54% / 90.36%
||
7 Day CHG~0.00%
Published-12 Nov, 2022 | 00:00
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_supportcenter_plusmanageengine_servicedesk_plus_mspn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-38772
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-77.62% / 99.50%
||
7 Day CHG-1.39%
Published-29 Aug, 2022 | 20:21
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_netflow_analyzermanageengine_opmanagermanageengine_opmanager_plusmanageengine_opmanager_mspmanageengine_oputilsmanageengine_network_configuration_managern/a
CVE-2024-0253
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-5.01% / 91.15%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 12:50
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-37024
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-78.33% / 99.52%
||
7 Day CHG-1.35%
Published-09 Aug, 2022 | 15:15
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_netflow_analyzermanageengine_opmanagermanageengine_opmanager_plusmanageengine_firewall_analyzermanageengine_opmanager_mspmanageengine_oputilsmanageengine_network_configuration_managern/a
CVE-2024-5490
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.04% / 89.31%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:44
Updated-27 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5467
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.52% / 90.31%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:28
Updated-27 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0269
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-5.37% / 91.62%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 13:05
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0252
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.8||HIGH
EPSS-7.81% / 93.91%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 07:57
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.ManageEngine (Zoho Corporation Pvt. Ltd.)
Product-manageengine_adselfservice_plusADSelfService Plus
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-29457
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.72% / 93.86%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 19:47
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusmanageengine_adselfservice_plusmanageengine_adaudit_plusmanageengine_exchange_reporter_plusn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-27908
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-36.84% / 98.31%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 12:17
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_opmanagern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-24978
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.09% / 61.20%
||
7 Day CHG+0.03%
Published-05 Apr, 2022 | 18:24
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-38871
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.12% / 86.15%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 17:29
Updated-11 Sep, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusexchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49334
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.00% / 85.68%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:55
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49330
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-2.29% / 80.99%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 12:19
Updated-12 May, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49333
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.00% / 85.68%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:51
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49331
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.00% / 85.68%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:35
Updated-09 May, 2025 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4769
Matching Score-8
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-8
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.6||MEDIUM
EPSS-3.25% / 86.75%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 10:55
Updated-05 Sep, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery in ManageEngine Desktop Central

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_desktop_centralDesktop Centraldesktop_central
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-10020
Matching Score-8
Assigner-Zohocorp
ShareView Details
Matching Score-8
Assigner-Zohocorp
CVSS Score-8.5||HIGH
EPSS-4.72% / 90.68%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 12:12
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusManageEngine ADManager Plus
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46164
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.14% / 93.46%
||
7 Day CHG~0.00%
Published-09 Jan, 2022 | 00:26
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_desktop_centraln/a
CVE-2021-44650
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-4.79% / 90.81%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 13:35
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_m365_manager_plusn/a
CVE-2019-19774
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-12.52% / 95.72%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 18:00
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_eventlog_analyzern/a
CVE-2024-21775
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-5.01% / 91.15%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 14:35
Updated-26 Nov, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusexchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-24409
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.8||HIGH
EPSS-3.94% / 89.08%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 08:01
Updated-13 Nov, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation

Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusADManager Plusmanageengine_admanager_plus
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-23050
Matching Score-8
Assigner-Fluid Attacks
ShareView Details
Matching Score-8
Assigner-Fluid Attacks
CVSS Score-7.2||HIGH
EPSS-4.65% / 90.56%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 18:02
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managerManageEngine AppManager15
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-19475
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.55% / 83.04%
||
7 Day CHG~0.00%
Published-10 Jan, 2020 | 21:18
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31099
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-81.56% / 99.59%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-29 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_opmanagern/a
CVE-2019-8394
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-64.05% / 99.12%
||
7 Day CHG~0.00%
Published-17 Feb, 2019 | 04:00
Updated-07 Nov, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plusn/aManageEngine
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-3835
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-9.6||CRITICAL
EPSS-1.93% / 77.36%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 10:29
Updated-26 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution

Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.ManageEngine (Zoho Corporation Pvt. Ltd.)
Product-manageengine_exchange_reporter_plusExchange Reporter Plus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-18475
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-22.09% / 97.36%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 21:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_opmanagern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2013-7390
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-74.53% / 99.43%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:33
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_desktop_centraln/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-3444
Matching Score-6
Assigner-ManageEngine
ShareView Details
Matching Score-6
Assigner-ManageEngine
CVSS Score-6.5||MEDIUM
EPSS-1.23% / 65.00%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 10:31
Updated-17 Jun, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local File Inclusion

Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.ManageEngine (Zoho Corporation Pvt. Ltd.)
Product-manageengine_supportcenter_plusmanageengine_servicedesk_plus_mspSupportCenter PlusServiceDesk Plus MSP
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37931
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.24% / 94.71%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:31
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37918
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-73.65% / 99.40%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:33
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37928
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.24% / 94.71%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:21
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-41833
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.76% / 93.88%
||
7 Day CHG~0.00%
Published-11 Nov, 2021 | 04:30
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_patch_connect_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-42099
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.55% / 92.94%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 18:47
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_m365_manager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37930
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.24% / 94.71%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37929
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.24% / 94.71%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:22
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37920
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.64% / 95.23%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:37
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37921
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.64% / 95.23%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:36
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37924
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.64% / 95.23%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:35
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37919
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.64% / 95.23%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:38
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37923
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.64% / 95.23%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:36
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37539
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-93.40% / 99.82%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 14:05
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37761
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.24% / 94.71%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 16:23
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2017-11561
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.06% / 78.88%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 15:32
Updated-05 Aug, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_opmanagern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37926
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-73.65% / 99.40%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:20
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-37762
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.82% / 93.92%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:40
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-40175
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.01% / 93.35%
||
7 Day CHG+0.22%
Published-29 Aug, 2021 | 19:17
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_log360n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 29
  • 30
  • Next
Details not found