Skip to main content

Manageengine Remote Access Plus

10 CVEs product

Monthly

CVE-2023-6105 MEDIUM POC This Month

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus Manageengine Appcreator Manageengine Application Control Plus +36
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-26777 MEDIUM POC This Month

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2022-26653 MEDIUM POC This Month

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-42955 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Zoho Authentication Bypass Manageengine Remote Access Plus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42954 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41829 HIGH POC This Week

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-41828 HIGH POC This Week

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Remote Access Plus
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2021-41827 HIGH POC This Week

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Remote Access Plus
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-15589 HIGH This Week

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zoho RCE Manageengine Desktop Central Manageengine Remote Access Plus
NVD
CVSS 3.1
8.1
EPSS
8.3%
CVE-2020-8422 MEDIUM This Month

An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
4.3
EPSS
1.4%
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus +38
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Zoho Authentication Bypass +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Zoho +2
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Remote Access Plus
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Remote Access Plus
NVD
EPSS 8% CVSS 8.1
HIGH This Week

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zoho RCE Manageengine Desktop Central +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy