COOEY // HUBcompliance · community · intelligence

FAIL › dossier

ManageEngine product

6
failure events
1
zero-days
6
RCEs
6
on KEV
2
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 6 events

DateEventSevFlagsShameSummary
2023-01-23 CVE-2022-47966 critical ⚡RCE ⌖KEV 95 Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.
2021-11-03 CVE-2021-40539 critical ⚡RCE ◐0day ⌖KEV 95 Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
2023-03-07 CVE-2022-28810 high ⚡RCE ⌖KEV 65 Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.
2022-09-22 CVE-2022-35405 high ⚡RCE ⌖KEV 65 Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.
2021-11-03 CVE-2019-8394 high ⚡RCE ⌖KEV 65 Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
2021-11-03 CVE-2020-10189 high ⚡RCE ⌖KEV 65 Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.