This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Zohocorp First view 2021-11-11
Product Manageengine Network Configuration Manager Last view 2024-01-08
Version 12.4 Type Application
Update -  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:zohocorp:manageengine_network_configuration_manager

Activity : Overall

Related : CVE

  Date Alert Description
8.6 2024-01-08 CVE-2023-47211

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

8.2 2022-07-18 CVE-2022-35404

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.

9.8 2021-11-30 CVE-2021-43319

Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.

9.8 2021-11-11 CVE-2021-41081

Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search.

9.8 2021-11-11 CVE-2021-41080

Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search.

CWE : Common Weakness Enumeration

%idName
40% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
20% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
20% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
20% (1) CWE-20 Improper Input Validation