Zohocorp Manageengine_applications_manager

56 CVEs affecting Zohocorp Manageengine_applications_manager. Latest disclosed: 2025-12-18. Critical: 19, High: 19.

Top CVEs affecting Zohocorp Manageengine_applications_manager
CVESeverityScorePublishedSummary
CVE-2020-24743Critical9.82021-11-03An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid para…
CVE-2020-27995Critical9.82020-10-29SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid p…
CVE-2020-15533Critical9.82020-10-01In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthentica…
CVE-2020-15394Critical9.82020-09-25The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code…
CVE-2019-19649Critical9.82019-12-11Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventSe…
CVE-2019-11469Critical9.82019-04-23Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain t…
CVE-2019-11448Critical9.82019-04-22An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due…
CVE-2018-15168Critical9.82018-08-08A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?met…
CVE-2016-9498Critical9.82018-07-13ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote use…
CVE-2018-13050Critical9.82018-07-02A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST…
CVE-2018-7890Critical9.82018-03-08A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do end…
CVE-2017-16851Critical9.82017-11-16Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
CVE-2017-16850Critical9.82017-11-16Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
CVE-2017-16849Critical9.82017-11-16Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
CVE-2017-16848Critical9.82017-11-16Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
CVE-2017-16847Critical9.82017-11-16Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
CVE-2017-16846Critical9.82017-11-16Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
CVE-2017-16543Critical9.82017-11-05Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or…
CVE-2018-11808Critical9.12018-06-06Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any fi…
CVE-2020-28679High8.82022-01-10A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injectio…