U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*
  • CPE Name Search: true
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2021-44514

OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.

Published: December 09, 2021; 3:15:08 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-41075

The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.

Published: October 13, 2021; 7:15:07 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-40493

Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.

Published: October 13, 2021; 7:15:07 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-41288

Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.

Published: September 30, 2021; 3:15:07 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-3287

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.

Published: April 22, 2021; 9:15:07 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-20078

Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.

Published: April 01, 2021; 3:15:13 PM -0400
V3.1: 9.1 CRITICAL
V2.0: 9.4 HIGH
CVE-2020-28653

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

Published: February 03, 2021; 11:15:13 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-13818

In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.

Published: June 04, 2020; 9:15:11 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM