Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.2:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-47211 |
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. Published: January 08, 2024; 10:15:25 AM -0500 |
V3.1: 8.6 HIGH V2.0:(not available) |
CVE-2023-6105 |
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. Published: November 15, 2023; 4:15:08 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-35404 |
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Published: July 18, 2022; 9:15:10 AM -0400 |
V3.1: 8.2 HIGH V2.0:(not available) |
CVE-2021-43319 |
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. Published: November 30, 2021; 2:15:10 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-18980 |
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server. Published: November 05, 2018; 11:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |