Zohocorp Manageengine_applications_manager
56 CVEs affecting Zohocorp Manageengine_applications_manager. Latest disclosed: 2025-12-18. Critical: 19, High: 19.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-24743 | Critical | 9.8 | 2021-11-03 | An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid para… |
CVE-2020-27995 | Critical | 9.8 | 2020-10-29 | SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid p… |
CVE-2020-15533 | Critical | 9.8 | 2020-10-01 | In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthentica… |
CVE-2020-15394 | Critical | 9.8 | 2020-09-25 | The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code… |
CVE-2019-19649 | Critical | 9.8 | 2019-12-11 | Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventSe… |
CVE-2019-11469 | Critical | 9.8 | 2019-04-23 | Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain t… |
CVE-2019-11448 | Critical | 9.8 | 2019-04-22 | An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due… |
CVE-2018-15168 | Critical | 9.8 | 2018-08-08 | A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?met… |
CVE-2016-9498 | Critical | 9.8 | 2018-07-13 | ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote use… |
CVE-2018-13050 | Critical | 9.8 | 2018-07-02 | A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST… |
CVE-2018-7890 | Critical | 9.8 | 2018-03-08 | A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do end… |
CVE-2017-16851 | Critical | 9.8 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. |
CVE-2017-16850 | Critical | 9.8 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. |
CVE-2017-16849 | Critical | 9.8 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. |
CVE-2017-16848 | Critical | 9.8 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. |
CVE-2017-16847 | Critical | 9.8 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. |
CVE-2017-16846 | Critical | 9.8 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. |
CVE-2017-16543 | Critical | 9.8 | 2017-11-05 | Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or… |
CVE-2018-11808 | Critical | 9.1 | 2018-06-06 | Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any fi… |
CVE-2020-28679 | High | 8.8 | 2022-01-10 | A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injectio… |