Zohocorp Manageengine Assetexplorer — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Assetexplorer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2021-20110 — CVSS 9.8 (critical): Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure…
CVE-2019-12994 — CVSS 9.1 (critical): Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a…
CVE-2019-12959 — CVSS 8.8 (high): Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL…
CVE-2019-14693 — CVSS 8.5 (high): Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A…
CVE-2023-35785 — CVSS 8.1 (high): Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer…
CVE-2021-20109 — CVSS 7.5 (high): Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to…
CVE-2022-35403 — CVSS 7.5 (high): Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an…
CVE-2023-26601 — CVSS 7.5 (high): Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus…
CVE-2021-20108 — CVSS 7.5 (high): Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS…
CVE-2019-19034 — CVSS 7.2 (high): Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically…
CVE-2022-40772 — CVSS 6.5 (medium): Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive…
CVE-2023-26600 — CVSS 6.5 (medium): ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer…
CVE-2020-8838 — CVSS 6.4 (medium): An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and…
CVE-2019-12595 — CVSS 6.1 (medium): An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.
CVE-2023-23075 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.
CVE-2018-17596 — CVSS 6.1 (medium): In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName…
CVE-2019-12537 — CVSS 6.1 (medium): An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
CVE-2019-12597 — CVSS 6.1 (medium): An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName.
CVE-2019-12596 — CVSS 6.1 (medium): An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or…
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…
CVE-2022-40771 — CVSS 4.9 (medium): Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information…
CVE-2023-29443 — CVSS 4.9 (medium): Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer…
CVE-2015-2169 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject…
CVE-2012-5956 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to…
CVE-2015-5061 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated…