ZohoCorp ManageEngine OpManager 12.5 Build 125123
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*
part: a version: 12.5 update: build125123
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Opmanager (2325af94-7fc7-577f-bf28-675a973224ed) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-6105 |
vulnerable | 2026-06-03 14:53:50.542970 |
ManageEngine Information Disclosure in Multiple Products
MEDIUM (5.5)
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
Published: 2023-11-15T20:57:47.981Z
Updated: 2025-02-13T17:26:03.759Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-35404 |
vulnerable | 2026-06-03 14:47:37.998461 |
Details available
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.
Published: 2022-07-18T12:25:32.000Z
Updated: 2024-08-03T09:36:44.178Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29535 |
vulnerable | 2026-06-03 14:46:58.526238 |
Details available
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.
Published: 2022-05-05T22:17:40.000Z
Updated: 2024-08-03T06:26:06.231Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27908 |
vulnerable | 2026-06-03 14:46:54.154493 |
Details available
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
Published: 2022-04-18T12:17:13.000Z
Updated: 2024-08-03T05:41:10.774Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44514 |
vulnerable | 2026-06-03 14:45:36.268083 |
Details available
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories.
Published: 2021-12-09T19:15:27.000Z
Updated: 2024-08-04T04:25:16.790Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-41288 |
vulnerable | 2026-06-03 14:45:25.464027 |
Details available
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
Published: 2021-09-30T18:11:14.000Z
Updated: 2024-08-04T03:08:31.921Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-41075 |
vulnerable | 2026-06-03 14:45:25.012068 |
Details available
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
Published: 2021-10-13T22:12:29.000Z
Updated: 2024-08-04T02:59:31.280Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-40493 |
vulnerable | 2026-06-03 14:45:24.132209 |
Details available
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
Published: 2021-10-13T22:07:34.000Z
Updated: 2024-08-04T02:44:10.865Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3287 |
vulnerable | 2026-06-03 14:45:10.354793 |
Details available
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Published: 2021-04-22T12:58:00.000Z
Updated: 2024-08-03T16:53:16.496Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20078 |
vulnerable | 2026-06-03 14:43:40.886624 |
Details available
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.
Published: 2021-04-01T18:03:48.000Z
Updated: 2024-08-03T17:30:07.492Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-28653 |
vulnerable | 2026-06-03 14:42:21.613573 |
Details available
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Published: 2021-02-03T16:00:18.000Z
Updated: 2024-08-04T16:40:59.809Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13818 |
vulnerable | 2026-06-03 14:41:37.166924 |
Details available
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
Published: 2020-06-04T12:51:17.000Z
Updated: 2024-08-04T12:25:16.515Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-12116 |
vulnerable | 2026-06-03 14:41:33.436052 |
Details available
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
Published: 2020-05-07T19:13:32.000Z
Updated: 2024-08-04T11:48:58.278Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.