Summary
Detail | |||
---|---|---|---|
Vendor | Zohocorp | First view | 2021-11-11 |
Product | Manageengine Network Configuration Manager | Last view | 2024-01-08 |
Version | 12.4 | Type | Application |
Update | build124099 | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:zohocorp:manageengine_network_configuration_manager |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
8.6 | 2024-01-08 | CVE-2023-47211 | A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. |
8.2 | 2022-07-18 | CVE-2022-35404 | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. |
9.8 | 2021-11-30 | CVE-2021-43319 | Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. |
9.8 | 2021-11-11 | CVE-2021-41081 | Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search. |
9.8 | 2021-11-11 | CVE-2021-41080 | Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
40% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
20% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
20% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
20% (1) | CWE-20 | Improper Input Validation |