zohocorp manageengine desktop central
51 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-4769
all versions
An SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do compo
6.6
MEDIUM
CVE-2023-4768
all versions
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could al
6.1
MEDIUM
CVE-2023-4767
all versions
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could al
6.1
MEDIUM
CVE-2022-48362
< 10.1.2137.2
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLo
8.8
HIGH
CVE-2022-23779
< 10.1.2137.8
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be dis
5.3
MEDIUM
CVE-2022-23863
< 10.1.2137.10
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
6.5
MEDIUM
CVE-2021-44757
< 10.1.2137.9
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authenti
9.1
CRITICAL
CVE-2021-46166
< 10.0.662
Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by
6.5
MEDIUM
CVE-2021-46165
< 10.0.662
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file
7.8
HIGH
CVE-2021-46164
< 10.0.662
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to
8.8
HIGH
CVE-2021-44515
< 10.1.2127.18
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as explo
9.8
CRITICAL
CVE-2021-28960
< 10.0.683
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an in
9.8
CRITICAL
CVE-2021-37414
< 10.0.709
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.
7.5
HIGH
CVE-2020-9367
all versions
The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe an
7.8
HIGH
CVE-2020-28050
< 10.0.647
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate
9.1
CRITICAL
CVE-2019-16962
all versions
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
5.4
MEDIUM
CVE-2020-24397
all versions
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can t
7.2
HIGH
CVE-2020-15589
all versions
A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client si
8.1
HIGH
CVE-2020-15588
< 10.0.561
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trig
9.8
CRITICAL
CVE-2020-10859
< 10.0.484
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Dir
6.5
MEDIUM
CVE-2020-8509
< 10.0.483
Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitiv
7.5
HIGH
CVE-2019-15510
all versions
ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via
6.1
MEDIUM
CVE-2020-8540
< 2020-03-07
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauth
9.8
CRITICAL
CVE-2020-10189
< 10.0.479
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in get
9.8
CRITICAL
CVE-2013-7390
>= 7.0.0 and <= 8.0.0
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 al
9.8
CRITICAL
CVE-2014-5007
>= 7.0 and <= 9.0
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Ma
9.8
CRITICAL
CVE-2019-12876
all versions
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to
7.3
HIGH
CVE-2019-12133
all versions
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\Manag
7.8
HIGH
CVE-2018-16833
all versions
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLH
6.1
MEDIUM
CVE-2018-13412
< 10.0.282
An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo
7.8
HIGH
CVE-2018-13411
< 10.0.282
An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYST
8.8
HIGH
CVE-2018-11717
< 100251
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependen
9.8
CRITICAL
CVE-2018-11716
< 100230
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log file
9.8
CRITICAL
CVE-2018-12999
all versions
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain
7.5
HIGH
CVE-2018-5342
all versions
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreS
7.2
HIGH
CVE-2018-5341
all versions
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/e
9.8
CRITICAL
CVE-2018-5340
all versions
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (spe
7.2
HIGH
CVE-2018-5339
all versions
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query typ
9.8
CRITICAL
CVE-2018-5338
all versions
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a dat
9.8
CRITICAL
CVE-2018-5337
all versions
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field w
9.8
CRITICAL
CVE-2018-8722
all versions
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.
6.1
MEDIUM
CVE-2017-16924
all versions
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to downlo
9.8
CRITICAL
CVE-2015-8249
all versions
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arb
9.8
CRITICAL
CVE-2015-2560
all versions
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator rol
9.8
CRITICAL
CVE-2017-11346
<= 10.0
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the
9.8
CRITICAL
CVE-2017-7213
all versions
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops
10.0
CRITICAL
CVE-2014-9331
<= 9.0
Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers
CVE-2014-9371
<= 9.0
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a craf
CVE-2014-3996
<= 9.0
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed S
CVE-2014-5006
<= 9.0
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execut
CVE-2014-5005
<= 9.0
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execut
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin