CVE-2024-10203 – Agent Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-10203
Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion on agent-installed machines. • https://www.manageengine.com/products/desktop-central/cve-2024-10203.html • CWE-269: Improper Privilege Management
CVE-2024-38868 – Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-38868
Zohocorp ManageEngine Endpoint Central is affected by an Incorrect Authorization vulnerability while isolating devices. This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15. • https://www.manageengine.com/products/desktop-central/security-updates-ngav.html • CWE-863: Incorrect Authorization
CVE-2024-38869 – Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-38869
A Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. Zohocorp ManageEngine Endpoint Central is affected by an Incorrect Authorization vulnerability in remote office deploy configurations. This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. • https://www.manageengine.com/products/service-desk/CVE-2024-41150.html • https://www.manageengine.com/products/desktop-central/security-updates-config-access.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-863: Incorrect Authorization
CVE-2020-19554
https://notcve.org/view.php?id=CVE-2020-19554
A Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28960
https://notcve.org/view.php?id=CVE-2021-28960
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. • https://www.manageengine.com • https://www.manageengine.com/products/desktop-central/unauthenticated-command-injection-vulnerability.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')