ZohoCorp ManageEngine OpManager 12.2
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_opmanager:12.2:*:*:*:*:*:*:*
part: a version: 12.2 update: *
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Opmanager (2325af94-7fc7-577f-bf28-675a973224ed) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-11561 |
vulnerable | 2026-06-03 14:36:28.945361 |
Details available
An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
Published: 2019-05-23T15:32:59.000Z
Updated: 2024-08-05T18:12:40.382Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-11560 |
vulnerable | 2026-06-03 14:36:28.944819 |
Details available
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.
Published: 2019-05-23T17:07:27.000Z
Updated: 2024-08-05T18:12:40.351Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-11559 |
vulnerable | 2026-06-03 14:36:28.944322 |
Details available
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
Published: 2019-05-23T17:09:19.000Z
Updated: 2024-08-05T18:12:40.323Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-9107 |
vulnerable | 2026-06-03 14:35:18.756144 |
Details available
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
Published: 2017-08-04T00:00:00.000Z
Updated: 2024-08-06T08:36:31.930Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.