National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:zohocorp:manageengine_opmanager:12.3:123014
There are 11 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-20339

Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.

Published: December 21, 2018; 04:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-20338

Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.

Published: December 21, 2018; 04:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-20173

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.

Published: December 17, 2018; 03:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-19921

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.

Published: December 06, 2018; 05:29:04 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-18716

Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.

Published: November 20, 2018; 02:29:01 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-18715

Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.

Published: November 20, 2018; 02:29:01 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-19288

Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.

Published: November 15, 2018; 01:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-18980

An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server.

Published: November 05, 2018; 11:29:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-18949

Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.

Published: November 05, 2018; 04:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-18475

Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.

Published: October 23, 2018; 05:30:54 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-18262

Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.

Published: October 17, 2018; 10:29:01 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM