Summary
Detail | | | |
---|---|---|---|
Vendor | Zohocorp | First view | 2021-02-03 |
Product | Manageengine Opmanager | Last view | 2024-08-23 |
Version | 12.5 | Type | Application |
Update | build125180 | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:zohocorp:manageengine_opmanager | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
8.8 | 2024-08-23 | CVE-2024-5466 | Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. |
8.6 | 2024-01-08 | CVE-2023-47211 | A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. |
8.8 | 2023-05-04 | CVE-2023-31099 | Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. |
5.4 | 2023-03-30 | CVE-2022-43473 | A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability. |
8.2 | 2022-07-18 | CVE-2022-35404 | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. |
9.8 | 2022-05-05 | CVE-2022-29535 | Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. |
8.8 | 2022-04-18 | CVE-2022-27908 | Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. |
9.8 | 2021-12-09 | CVE-2021-44514 | OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. |
9.8 | 2021-10-13 | CVE-2021-41075 | The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API. |
9.8 | 2021-10-13 | CVE-2021-40493 | Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. |
9.8 | 2021-09-30 | CVE-2021-41288 | Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. |
9.8 | 2021-04-22 | CVE-2021-3287 | Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. |
9.1 | 2021-04-01 | CVE-2021-20078 | Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS. |
9.8 | 2021-02-03 | CVE-2020-28653 | Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
45% (5) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
18% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
9% (1) | CWE-502 | Deserialization of Untrusted Data |
9% (1) | CWE-287 | Improper Authentication |
9% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
9% (1) | CWE-20 | Improper Input Validation |