Zohocorp Manageengine_assetexplorer
26 CVEs affecting Zohocorp Manageengine_assetexplorer. Latest disclosed: 2023-11-15. Critical: 3, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-47966 | Critical | 9.8 | 2023-01-18 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka… |
| CVE-2021-20110 | Critical | 9.8 | 2021-07-19 | Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to mat… |
| CVE-2019-12994 | Critical | 9.1 | 2019-08-08 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. |
| CVE-2019-12959 | High | 8.8 | 2019-08-08 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. |
| CVE-2019-14693 | High | 8.5 | 2019-08-08 | Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could… |
| CVE-2023-35785 | High | 8.1 | 2023-08-28 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7… |
| CVE-2023-26601 | High | 7.5 | 2023-03-06 | Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow De… |
| CVE-2022-35403 | High | 7.5 | 2022-07-12 | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated loca… |
| CVE-2021-20109 | High | 7.5 | 2021-07-19 | Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Expl… |
| CVE-2021-20108 | High | 7.5 | 2021-07-19 | Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verif… |
| CVE-2019-19034 | High | 7.2 | 2020-03-23 | Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command t… |
| CVE-2023-26600 | Medium | 6.5 | 2023-03-06 | ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privi… |
| CVE-2022-40772 | Medium | 6.5 | 2022-11-23 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report mod… |
| CVE-2020-8838 | Medium | 6.4 | 2020-03-23 | An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded… |
| CVE-2023-23075 | Medium | 6.1 | 2023-02-01 | Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. |
| CVE-2019-12597 | Medium | 6.1 | 2019-07-11 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName. |
| CVE-2019-12596 | Medium | 6.1 | 2019-07-11 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType. |
| CVE-2019-12595 | Medium | 6.1 | 2019-07-11 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. |
| CVE-2019-12537 | Medium | 6.1 | 2019-07-11 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. |
| CVE-2018-17596 | Medium | 6.1 | 2018-10-02 | In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. |