Summary
| Detail | |||
|---|---|---|---|
| Vendor | Zohocorp | First view | 2018-02-07 |
| Product | Manageengine Admanager Plus | Last view | 2021-11-11 |
| Version | 7.0 | Type | Application |
| Update | 7063 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:zohocorp:manageengine_admanager_plus | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2021-11-11 | CVE-2021-42002 | Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. |
| 8.8 | 2021-10-13 | CVE-2021-20131 | ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. |
| 8.8 | 2021-10-13 | CVE-2021-20130 | ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. |
| 9.8 | 2021-10-07 | CVE-2021-38298 | Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. |
| 9.8 | 2021-10-07 | CVE-2021-37931 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 9.8 | 2021-10-07 | CVE-2021-37930 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 9.8 | 2021-10-07 | CVE-2021-37929 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 9.8 | 2021-10-07 | CVE-2021-37928 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 9.8 | 2021-10-07 | CVE-2021-37926 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 9.8 | 2021-10-07 | CVE-2021-37924 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 9.8 | 2021-10-07 | CVE-2021-37923 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 5.3 | 2021-10-07 | CVE-2021-37922 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. |
| 9.8 | 2021-10-07 | CVE-2021-37921 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 9.8 | 2021-10-07 | CVE-2021-37920 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 9.8 | 2021-10-07 | CVE-2021-37919 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 9.8 | 2021-10-07 | CVE-2021-37918 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| 9.8 | 2021-10-07 | CVE-2021-37762 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. |
| 9.8 | 2021-09-27 | CVE-2021-37761 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. |
| 9.8 | 2021-09-27 | CVE-2021-37539 | Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. |
| 9.8 | 2021-09-22 | CVE-2021-37927 | Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. |
| 9.8 | 2021-09-22 | CVE-2021-37925 | Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. |
| 8.8 | 2021-09-21 | CVE-2021-37741 | ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. |
| 6.1 | 2021-07-17 | CVE-2021-36772 | Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. |
| 6.1 | 2021-07-17 | CVE-2021-36771 | Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. |
| 9.8 | 2021-07-17 | CVE-2021-33911 | Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 61% (16) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 11% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 7% (2) | CWE-287 | Improper Authentication |
| 3% (1) | CWE-611 | Information Leak Through XML External Entity File Disclosure |
| 3% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 3% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 3% (1) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
| 3% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
