Zohocorp Manageengine_network_configuration_manager
14 CVEs affecting Zohocorp Manageengine_network_configuration_manager. Latest disclosed: 2024-01-08. Critical: 4, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-43319 | Critical | 9.8 | 2021-11-30 | Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. |
CVE-2021-41081 | Critical | 9.8 | 2021-11-11 | Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. |
CVE-2021-41080 | Critical | 9.8 | 2021-11-11 | Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. |
CVE-2023-47211 | Critical | 9.1 | 2024-01-08 | A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbi… |
CVE-2022-38772 | High | 8.8 | 2022-08-29 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126… |
CVE-2022-37024 | High | 8.8 | 2022-08-10 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 (… |
CVE-2022-35404 | High | 8.2 | 2022-07-18 | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. |
CVE-2019-12133 | High | 7.8 | 2019-06-18 | Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub… |
CVE-2022-36923 | High | 7.5 | 2022-08-10 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 t… |
CVE-2018-18980 | High | 7.5 | 2018-11-06 | An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML… |
CVE-2018-12997 | High | 7.5 | 2018-06-29 | Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128… |
CVE-2018-12998 | Medium | 6.1 | 2018-06-29 | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 1231… |
CVE-2023-6105 | Medium | 5.5 | 2023-11-15 | An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user wit… |
CVE-2023-29505 | Medium | 4.3 | 2023-08-04 | An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. |