Zohocorp Manageengine_key_manager_plus
5 CVEs affecting Zohocorp Manageengine_key_manager_plus. Latest disclosed: 2023-01-18. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-47966 | Critical | 9.8 | 2023-01-18 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka… |
CVE-2019-12133 | High | 7.8 | 2019-06-18 | Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub… |
CVE-2022-24447 | Medium | 6.5 | 2022-03-02 | An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to acce… |
CVE-2021-28382 | Medium | 5.4 | 2021-06-07 | Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD. |
CVE-2022-24446 | Medium | 4.3 | 2022-03-01 | An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no… |