Zoho Corporation Manageengine Opmanager Plus 12.6 Build126113
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126113:*:*:*:*:*:*
part: a version: 12.6 update: build126113
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Opmanager Plus (ec303168-0e11-5f6d-ba98-5bb2b2770a0b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-43473 |
vulnerable | 2026-06-03 14:48:14.321510 |
Details available
MEDIUM (5.8)
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve
a malicious XML payload to trigger this vulnerability.
Published: 2023-03-30T16:28:35.983Z
Updated: 2025-02-11T19:14:03.416Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38772 |
vulnerable | 2026-06-03 14:47:50.311936 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-37024 |
vulnerable | 2026-06-03 14:47:41.390052 |
Details available
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.
Published: 2022-08-09T15:15:36.000Z
Updated: 2024-08-03T10:21:32.557Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36923 |
vulnerable | 2026-06-03 14:47:41.044924 |
Details available
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
Published: 2022-08-10T14:17:09.000Z
Updated: 2025-08-27T18:47:32.363Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.