Zohocorp Manageengine Eventlog Analyzer — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Eventlog Analyzer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2020-24786 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService…
CVE-2021-28959 — CVSS 9.8 (critical): Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This…
CVE-2019-19774 — CVSS 8.8 (high): An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from…
CVE-2023-35785 — CVSS 8.1 (high): Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer…
CVE-2019-12133 — CVSS 7.8 (high): Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine…
CVE-2014-6039 — CVSS 7.5 (high): ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.
CVE-2014-6038 — CVSS 7.5 (high): Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in…
CVE-2015-7387 — CVSS 7.5 (high): ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute…
CVE-2014-6037 — CVSS 7.5 (high): Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020…
CVE-2014-6043 — CVSS 6.5 (medium): ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which…
CVE-2017-11687 — CVSS 6.1 (medium): Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log…
CVE-2017-11685 — CVSS 6.1 (medium): Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer…
CVE-2017-11686 — CVSS 6.1 (medium): Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS…
CVE-2018-10076 — CVSS 6.1 (medium): An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to…
CVE-2018-7405 — CVSS 6.1 (medium): Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web…
CVE-2018-8721 — CVSS 6.1 (medium): Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profi…
CVE-2014-4930 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote…