Skip to main content

Manageengine Assetexplorer

24 CVEs product

Monthly

CVE-2023-6105 MEDIUM POC This Month

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus Manageengine Appcreator Manageengine Application Control Plus +36
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-35785 HIGH PATCH This Week

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Zoho Authentication Bypass Manageengine Ad360 Manageengine Adaudit Plus +15
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2023-29443 MEDIUM This Month

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
4.9
EPSS
3.0%
CVE-2023-26601 HIGH This Week

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zoho Manageengine Assetexplorer Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
7.5
EPSS
34.1%
CVE-2023-26600 MEDIUM This Month

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Assetexplorer Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
6.5
EPSS
6.3%
CVE-2023-23075 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2022-40772 MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zoho Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus +1
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2022-40771 MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Information Disclosure Zoho XXE Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +2
NVD
CVSS 3.1
4.9
EPSS
3.5%
CVE-2022-35403 HIGH PATCH This Week

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho Information Disclosure Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus +1
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2021-20110 CRITICAL Act Now

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Manageengine Assetexplorer
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2021-20109 HIGH This Week

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Manageengine Assetexplorer
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-20108 HIGH This Week

Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Manageengine Assetexplorer
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-8838 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Zoho Microsoft RCE Manageengine Assetexplorer
NVD
CVSS 3.1
6.4
EPSS
1.6%
CVE-2019-14693 HIGH This Week

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
8.1
EPSS
4.2%
CVE-2019-12994 CRITICAL Act Now

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
9.1
EPSS
4.4%
CVE-2019-12959 HIGH This Week

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2019-12597 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12596 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12595 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12537 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2018-17596 MEDIUM This Month

In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD
CVSS 3.0
6.1
EPSS
2.3%
CVE-2015-5061 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-2169 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.1%
CVE-2012-5956 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Manageengine Assetexplorer
NVD
CVSS 2.0
4.3
EPSS
1.5%
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus +38
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Zoho Authentication Bypass +17
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer +3
NVD
EPSS 34% CVSS 7.5
HIGH This Week

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zoho Manageengine Assetexplorer +3
NVD
EPSS 6% CVSS 6.5
MEDIUM This Month

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Assetexplorer +3
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zoho Manageengine Servicedesk Plus +3
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Information Disclosure Zoho XXE +4
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho Information Disclosure Manageengine Servicedesk Plus +3
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Manageengine Assetexplorer
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Manageengine Assetexplorer
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Manageengine Assetexplorer
NVD
EPSS 2% CVSS 6.4
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Zoho Microsoft RCE +1
NVD
EPSS 4% CVSS 8.1
HIGH This Week

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer
NVD
EPSS 4% CVSS 9.1
CRITICAL Act Now

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM This Month

In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD
EPSS 4% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD Exploit-DB
EPSS 2% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Manageengine Assetexplorer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy