COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Zoho vendor

9
failure events
1
zero-days
8
RCEs
9
on KEV
2
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 9 events

DateEventSevFlagsShameSummary
2023-01-23 CVE-2022-47966 critical ⚡RCE ⌖KEV 95 Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.
2021-11-03 CVE-2021-40539 critical ⚡RCE ◐0day ⌖KEV 95 Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
2023-03-07 CVE-2022-28810 high ⚡RCE ⌖KEV 65 Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.
2022-09-22 CVE-2022-35405 high ⚡RCE ⌖KEV 65 Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.
2021-12-10 CVE-2021-44515 high ⚡RCE ⌖KEV 65 Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
2021-12-01 CVE-2021-44077 high ⚡RCE ⌖KEV 65 Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution
2021-11-03 CVE-2019-8394 high ⚡RCE ⌖KEV 65 Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
2021-11-03 CVE-2020-10189 high ⚡RCE ⌖KEV 65 Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.
2021-12-01 CVE-2021-37415 high ⌖KEV 50 Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication