Zohocorp Manageengine_log360
9 CVEs affecting Zohocorp Manageengine_log360. Latest disclosed: 2023-08-28. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-20136 | Critical | 9.8 | 2021-11-01 | ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote… |
CVE-2021-40177 | Critical | 9.8 | 2021-08-29 | Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. |
CVE-2021-40175 | Critical | 9.8 | 2021-08-29 | Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. |
CVE-2020-24786 | Critical | 9.8 | 2020-08-31 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build n… |
CVE-2021-40174 | High | 8.8 | 2021-08-29 | Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. |
CVE-2021-40172 | High | 8.8 | 2021-08-29 | Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. |
CVE-2023-35785 | High | 8.1 | 2023-08-28 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7… |
CVE-2021-40178 | Medium | 6.1 | 2021-08-29 | Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. |
CVE-2021-40176 | Medium | 6.1 | 2021-08-29 | Zoho ManageEngine Log360 before Build 5225 allows stored XSS. |