CVSS: 5.5EPSS: 0%CPEs: 788EXPL: 1CVE-2023-6105 – ManageEngine Information Disclosure in Multiple Products
https://notcve.org/view.php?id=CVE-2023-6105
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. Existe una vulnerabilidad de divulgación de información en varios productos ManageEngine que puede provocar la exposición de claves de cifrado. Un usuario de sistema operativo con pocos privilegios y acceso al host donde está instalado un producto ManageEngine afectado puede ver y utilizar la clave expuesta para descifrar las contraseñas de la base de datos del producto. • https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html https://www.tenable.com/security/research/tra-2023-35 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 14%CPEs: 14EXPL: 0CVE-2022-47523
https://notcve.org/view.php?id=CVE-2022-47523
Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. Zoho ManageEngine Access Manager Plus anterior a 4309, Password Manager Pro anterior a 12210 y PAM360 anterior a 5801 son vulnerables a la inyección SQL. • https://www.manageengine.com/privileged-session-management/advisory/cve-2022-47523.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •