CVE-2022-42903
https://notcve.org/view.php?id=CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. • https://www.manageengine.com/products/support-center/cve-2022-42903.html • CWE-862: Missing Authorization
CVE-2022-43672
https://notcve.org/view.php?id=CVE-2022-43672
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). • https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-43671
https://notcve.org/view.php?id=CVE-2022-43671
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. • https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43671.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-40773 – ManageEngine ServiceDesk Plus MSP exportMickeyList Improper Input Validation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. • https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html • https://www.zerodayinitiative.com/advisories/ZDI-22-1490 • CWE-20: Improper Input Validation
CVE-2022-41339
https://notcve.org/view.php?id=CVE-2022-41339
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. • https://www.manageengine.com/mobile-device-management/kb/CVE-2022-41339.html