FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2023-01-23 | CVE-2022-47966 | critical | ⚡RCE ⌖KEV | 95 | Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario. |
| 2021-11-03 | CVE-2021-40539 | critical | ⚡RCE ◐0day ⌖KEV | 95 | Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution. |
| 2023-03-07 | CVE-2022-28810 | high | ⚡RCE ⌖KEV | 65 | Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset. |
| 2022-09-22 | CVE-2022-35405 | high | ⚡RCE ⌖KEV | 65 | Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution. |
| 2021-12-10 | CVE-2021-44515 | high | ⚡RCE ⌖KEV | 65 | Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. |
| 2021-12-01 | CVE-2021-44077 | high | ⚡RCE ⌖KEV | 65 | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution |
| 2021-11-03 | CVE-2019-8394 | high | ⚡RCE ⌖KEV | 65 | Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization. |
| 2021-11-03 | CVE-2020-10189 | high | ⚡RCE ⌖KEV | 65 | Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution. |
| 2021-12-01 | CVE-2021-37415 | high | ⌖KEV | 50 | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication |