GCVE - cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*

part: a version: 11.4 update: *

Vendor	Zohocorp (`4f1ab088-ab0e-54ac-b0dc-2304879a7502`)
Product	Manageengine Opmanager (`2325af94-7fc7-577f-bf28-675a973224ed`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-19921`	vulnerable	2026-06-03 14:38:29.791525	Details available Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. Published: 2018-12-06T22:00:00.000Z Updated: 2024-09-16T21:09:00.961Z Open on db.gcve.eu Reference links https://www.manageengine.com/network-monitoring/help/read-me.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19288`	vulnerable	2026-06-03 14:38:29.141738	Details available Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. Published: 2018-11-15T06:00:00.000Z Updated: 2024-08-05T11:30:04.043Z Open on db.gcve.eu Reference links https://www.manageengine.com/network-monitoring/help/read-me.html http://www.securityfocus.com/bid/105960	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18949`	vulnerable	2026-06-03 14:38:28.624301	Details available Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. Published: 2018-11-05T09:00:00.000Z Updated: 2024-09-16T17:09:10.191Z Open on db.gcve.eu Reference links https://www.manageengine.com/network-monitoring/help/read-me.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18716`	vulnerable	2026-06-03 14:38:28.284274	Details available Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. Published: 2018-11-20T19:00:00.000Z Updated: 2024-08-05T11:16:00.422Z Open on db.gcve.eu Reference links https://seclists.org/bugtraq/2018/Oct/61 http://seclists.org/fulldisclosure/2018/Nov/6 http://packetstormsecurity.com/files/150124/Zoho-ManageEngine-OpManager-12.3-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-9107`	vulnerable	2026-06-03 14:35:18.754326	Details available Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor. Published: 2017-08-04T00:00:00.000Z Updated: 2024-08-06T08:36:31.930Z Open on db.gcve.eu Reference links https://github.com/theguly/DecryptOpManager	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-7868`	vulnerable	2026-06-03 14:34:16.601086	Details available Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet. Published: 2014-12-04T17:00:00.000Z Updated: 2024-08-06T13:03:27.444Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/71002 http://seclists.org/fulldisclosure/2014/Nov/21 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt http://www.securityfocus.com/archive/1/533946/100/0/threaded https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-7867`	vulnerable	2026-06-03 14:34:16.600619	Details available SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. Published: 2014-12-04T17:00:00.000Z Updated: 2024-08-06T13:03:27.310Z Open on db.gcve.eu Reference links https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-7866`	vulnerable	2026-06-03 14:34:16.600234	Details available Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet. Published: 2014-12-10T18:00:00.000Z Updated: 2024-08-06T13:03:27.344Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2014/Nov/21 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt http://www.securityfocus.com/archive/1/533946/100/0/threaded https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-7864`	vulnerable	2026-06-03 14:34:16.595644	Details available Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. Published: 2015-02-04T16:00:00.000Z Updated: 2024-08-06T13:03:27.505Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/100555 http://seclists.org/fulldisclosure/2015/Jan/114 http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet http://www.securityfocus.com/archive/1/534575/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-6035`	vulnerable	2026-06-03 14:34:12.408123	Details available Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. Published: 2014-12-04T17:00:00.000Z Updated: 2024-08-06T12:03:02.336Z Open on db.gcve.eu Reference links https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt http://seclists.org/fulldisclosure/2014/Sep/110	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

ZohoCorp Manageengine OpManager 11.4

PURL mappings

Vulnerability references

Contribute