) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:zohocorp:manageengine_applications_manager:13.1:13100
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2017-11740 |
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system. Published: May 23, 2019; 12:29:08 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2017-11739 |
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS. Published: May 23, 2019; 12:29:08 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-11738 |
In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack. Published: May 23, 2019; 12:29:08 PM -0400 |
V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |