Zohocorp Manageengine Log360 — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Log360, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2020-24786 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService…
CVE-2021-20136 — CVSS 9.8 (critical): ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An…
CVE-2021-40175 — CVSS 9.8 (critical): Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
CVE-2021-40174 — CVSS 8.8 (high): Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
CVE-2023-35785 — CVSS 8.1 (high): Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer…
CVE-2021-40178 — CVSS 6.1 (medium): Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.