Summary
| Detail | |||
|---|---|---|---|
| Vendor | Zohocorp | First view | 2021-11-11 |
| Product | Manageengine Network Configuration Manager | Last view | 2024-01-08 |
| Version | 12.4 | Type | Application |
| Update | build124099 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:zohocorp:manageengine_network_configuration_manager | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.6 | 2024-01-08 | CVE-2023-47211 | A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. |
| 8.2 | 2022-07-18 | CVE-2022-35404 | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. |
| 9.8 | 2021-11-30 | CVE-2021-43319 | Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. |
| 9.8 | 2021-11-11 | CVE-2021-41081 | Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search. |
| 9.8 | 2021-11-11 | CVE-2021-41080 | Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 40% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 20% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
| 20% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 20% (1) | CWE-20 | Improper Input Validation |
