Zohocorp Manageengine Remote Access Plus — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Remote Access Plus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2019-11361 — CVSS 8.8 (high): Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually…
CVE-2020-15589 — CVSS 8.1 (high): A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of…
CVE-2021-42954 — CVSS 7.8 (high): Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation…
CVE-2021-41829 — CVSS 7.5 (high): Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.
CVE-2021-41827 — CVSS 7.5 (high): Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source…
CVE-2021-41828 — CVSS 7.5 (high): Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
CVE-2021-42955 — CVSS 7.3 (high): Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset…
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…
CVE-2022-26653 — CVSS 5.3 (medium): Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an…
CVE-2022-26777 — CVSS 5.3 (medium): Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
CVE-2019-16268 — CVSS 4.8 (medium): Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration…
CVE-2019-20474 — CVSS 4.3 (medium): An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an…
CVE-2020-8422 — CVSS 4.3 (medium): An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user…