Manageengine Eventlog Analyzer Zoho Corp Manageengine Eventlog Analyzer

Do you want an email whenever new security vulnerabilities are reported in Zoho Corp Manageengine Eventlog Analyzer?

By the Year

In 2021 there have been 0 vulnerabilities in Zoho Corp Manageengine Eventlog Analyzer . Last year Manageengine Eventlog Analyzer had 1 security vulnerability published. Right now, Manageengine Eventlog Analyzer is on track to have less security vulnerabilities in 2021 than it did last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 1 9.80
2019 2 8.30
2018 4 6.10

It may take a day or so for new Manageengine Eventlog Analyzer vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Zoho Corp Manageengine Eventlog Analyzer Security Vulnerabilities

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510

CVE-2020-24786 9.8 - Critical - August 31, 2020

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.

authentification

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110

CVE-2019-19774 8.8 - High - December 13, 2019

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.

Multiple Zoho ManageEngine products suffer

CVE-2019-12133 7.8 - High - June 18, 2019

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.

Incorrect Permission Assignment for Critical Resource

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12

CVE-2018-10075 6.1 - Medium - July 02, 2018

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.

XSS

An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12

CVE-2018-10076 6.1 - Medium - July 02, 2018

An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard).

XSS

Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen

CVE-2018-8721 6.1 - Medium - March 15, 2018

Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen

XSS

Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120

CVE-2018-7405 6.1 - Medium - March 13, 2018

Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Zoho Corp Manageengine Eventlog Analyzer or by Zoho Corp? Click the Watch button to subscribe.

subscribe