Zohocorp Manageengine Desktop Central — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Desktop Central, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (48)
CVE-2014-9371 — CVSS 10.0 (critical): The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON…
CVE-2017-7213 — CVSS 10.0 (critical): Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via…
CVE-2020-15588 — CVSS 9.8 (critical): An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an…
CVE-2014-5007 — CVSS 9.8 (critical): Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed…
CVE-2018-5338 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database…
CVE-2018-5339 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type…
CVE-2013-7390 — CVSS 9.8 (critical): Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows…
CVE-2018-5341 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension…
CVE-2015-2560 — CVSS 9.8 (critical): Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an…
CVE-2017-11346 — CVSS 9.8 (critical): Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of…
CVE-2017-16924 — CVSS 9.8 (critical): Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download…
CVE-2018-11716 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a…
CVE-2018-11717 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent…
CVE-2020-8540 — CVSS 9.8 (critical): An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated…
CVE-2018-5337 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when…
CVE-2021-44757 — CVSS 9.1 (critical): Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication…
CVE-2020-28050 — CVSS 9.1 (critical): Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the…
CVE-2021-46164 — CVSS 8.8 (high): Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the…
CVE-2022-48362 — CVSS 8.8 (high): Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to…
CVE-2018-13411 — CVSS 8.8 (high): An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be…
CVE-2020-15589 — CVSS 8.1 (high): A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of…
CVE-2019-12133 — CVSS 7.8 (high): Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine…
CVE-2018-13412 — CVSS 7.8 (high): An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a…
CVE-2020-9367 — CVSS 7.8 (high): The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and…
CVE-2021-46165 — CVSS 7.8 (high): Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path…
CVE-2018-12999 — CVSS 7.5 (high): Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on…
CVE-2014-5006 — CVSS 7.5 (high): Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute…
CVE-2014-5005 — CVSS 7.5 (high): Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute…
CVE-2020-8509 — CVSS 7.5 (high): Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive…
CVE-2021-37414 — CVSS 7.5 (high): Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.
CVE-2019-12876 — CVSS 7.3 (high): Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege…
CVE-2018-5340 — CVSS 7.2 (high): An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account…
CVE-2018-5342 — CVSS 7.2 (high): An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL)…
CVE-2020-24397 — CVSS 7.2 (high): An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an…
CVE-2014-9331 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack…
CVE-2023-4769 — CVSS 6.6 (medium): A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component…
CVE-2020-10859 — CVSS 6.5 (medium): Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory…
CVE-2022-23863 — CVSS 6.5 (medium): Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
CVE-2021-46166 — CVSS 6.5 (medium): Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting…
CVE-2018-8722 — CVSS 6.1 (medium): Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.
CVE-2018-16833 — CVSS 6.1 (medium): Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
CVE-2023-4767 — CVSS 6.1 (medium): A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a…
CVE-2023-4768 — CVSS 6.1 (medium): A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a…
CVE-2019-15510 — CVSS 6.1 (medium): ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the…
CVE-2019-16962 — CVSS 5.4 (medium): Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
CVE-2022-23779 — CVSS 5.3 (medium): Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered…