CVSS: 9.0EPSS: 0%CPEs: 15EXPL: 0CVE-2024-0269 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-0269
02 Feb 2024 — ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. Las versiones 7270 e inferiores de ManageEngine ADAudit Plus son vulnerables a la inyección de SQL autenticado en File-Summary DrillDown. Este problema se solucionó y se publicó en la versión 7271. ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 15EXPL: 0CVE-2024-0253 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-0253
02 Feb 2024 — ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. Las versiones 7270 e inferiores de ManageEngine ADAudit Plus son vulnerables a la inyección de SQL autenticado en Graph-Data doméstico. ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 8%CPEs: 11EXPL: 0CVE-2023-48792
https://notcve.org/view.php?id=CVE-2023-48792
02 Feb 2024 — Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. Zoho ManageEngine ADAudit Plus hasta 7250 es vulnerable a la inyección SQL en la opción de exportación de informes. • https://manageengine.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 8%CPEs: 15EXPL: 0CVE-2023-48793
https://notcve.org/view.php?id=CVE-2023-48793
02 Feb 2024 — Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. Zoho ManageEngine ADAudit Plus hasta 7250 permite la inyección SQL en la función de informe agregado. • https://manageengine.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 788EXPL: 1CVE-2023-6105 – ManageEngine Information Disclosure in Multiple Products
https://notcve.org/view.php?id=CVE-2023-6105
15 Nov 2023 — An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. Existe una vulnerabilidad de divulgación de información en varios productos ManageEngine que puede provocar la exposición de claves de cifrado... • https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 2%CPEs: 235EXPL: 0CVE-2023-35785
https://notcve.org/view.php?id=CVE-2023-35785
28 Aug 2023 — Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and bel... • https://manageengine.com • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2023-37308
https://notcve.org/view.php?id=CVE-2023-37308
07 Jul 2023 — Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field. • https://www.manageengine.com/products/active-directory-audit/cve-2023-37308.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 97%CPEs: 158EXPL: 14CVE-2022-47966 – Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-47966
18 Jan 2023 — Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus befor... • https://packetstorm.news/files/id/170925 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 64EXPL: 4CVE-2022-29457 – ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure
https://notcve.org/view.php?id=CVE-2022-29457
18 Apr 2022 — Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. Zoho ManageEngine ADSelfService Plus versiones anteriores a 6121, ADAuditPlus versión 7060, Exchange Reporter Plus versión 5701, y ADManagerPlus versión 7131, permiten una divulgación de NTLM Hash durante determinados pasos de configuración de la ruta de almacenamiento ManageEngine ADSelfService Plus build 6118 suf... • https://packetstorm.news/files/id/167051 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 97%CPEs: 14EXPL: 6CVE-2022-28219 – ManageEngine ADAudit Plus Path Traversal / XML Injection
https://notcve.org/view.php?id=CVE-2022-28219
05 Apr 2022 — Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. Cewolf en Zoho ManageEngine ADAudit Plus antes de 7060 es vulnerable a un ataque XXE no autenticado que conduce a la ejecución remota de código • https://packetstorm.news/files/id/167997 • CWE-611: Improper Restriction of XML External Entity Reference •