Zohocorp Manageengine Opmanager — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Opmanager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (56)
CVE-2021-41075 — CVSS 9.8 (critical): The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
CVE-2015-9107 — CVSS 9.8 (critical): Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored…
CVE-2020-28653 — CVSS 9.8 (critical): Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update…
CVE-2021-3287 — CVSS 9.8 (critical): Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization…
CVE-2021-40493 — CVSS 9.8 (critical): Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the…
CVE-2019-15106 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute…
CVE-2019-17602 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL…
CVE-2020-10541 — CVSS 9.8 (critical): Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This…
CVE-2021-20078 — CVSS 9.1 (critical): Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in…
CVE-2023-47211 — CVSS 9.1 (critical): A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP…
CVE-2015-7766 — CVSS 9.0 (critical): PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions…
CVE-2015-7765 — CVSS 9.0 (critical): ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which…
CVE-2024-5466 — CVSS 8.8 (high): Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote…
CVE-2023-31099 — CVSS 8.8 (high): Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
CVE-2022-27908 — CVSS 8.8 (high): Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
CVE-2022-35404 — CVSS 8.2 (high): ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation…
CVE-2019-17421 — CVSS 7.8 (high): Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072…
CVE-2019-12133 — CVSS 7.8 (high): Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine…
CVE-2018-12997 — CVSS 7.5 (high): Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager…
CVE-2014-6035 — CVSS 7.5 (high): Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote…
CVE-2014-7863 — CVSS 7.5 (high): The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through…
CVE-2014-7864 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5…
CVE-2014-7866 — CVSS 7.5 (high): Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT…
CVE-2014-7867 — CVSS 7.5 (high): SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3…
CVE-2014-7868 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow…
CVE-2017-11559 — CVSS 7.5 (high): An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and…
CVE-2018-17283 — CVSS 7.5 (high): Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a…
CVE-2018-18980 — CVSS 7.5 (high): An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before…
CVE-2020-11527 — CVSS 7.5 (high): In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
CVE-2020-11946 — CVSS 7.5 (high): Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.
CVE-2020-12116 — CVSS 7.5 (high): Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read…
CVE-2020-13818 — CVSS 7.5 (high): In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
CVE-2017-11561 — CVSS 6.5 (medium): An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group…
CVE-2014-6036 — CVSS 6.4 (medium): Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and…
CVE-2022-43473 — CVSS 5.8 (medium): A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially…
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…
CVE-2017-11560 — CVSS 5.4 (medium): An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an…
CVE-2014-6034 — CVSS 5.0 (medium): Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine…