
CVE-2021-44525
https://notcve.org/view.php?id=CVE-2021-44525
20 Dec 2021 — Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. • https://pitstop.manageengine.com/portal/en/community/topic/title-security-advisory-for-cve-2021-44525-authentication-bypass-vulnerability-in-manageengine-pam360 • CWE-287: Improper Authentication •

CVE-2021-44675
https://notcve.org/view.php?id=CVE-2021-44675
20 Dec 2021 — Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. • https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerabilities-in-servicedesk-plus-msp-that-could-lead-to-remote-code-execution • CWE-287: Improper Authentication •

CVE-2021-44676
https://notcve.org/view.php?id=CVE-2021-44676
20 Dec 2021 — Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. • https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-access-manager-plus-build-4202-and-prior • CWE-287: Improper Authentication •

CVE-2021-44515 – Zoho Desktop Central Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-44515
12 Dec 2021 — Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. • https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp •

CVE-2021-44514
https://notcve.org/view.php?id=CVE-2021-44514
09 Dec 2021 — OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_125490 • CWE-287: Improper Authentication •

CVE-2021-42099
https://notcve.org/view.php?id=CVE-2021-42099
30 Nov 2021 — Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. • https://www.manageengine.com • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2021-43319
https://notcve.org/view.php?id=CVE-2021-43319
30 Nov 2021 — Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. • https://manageengine.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2021-43296
https://notcve.org/view.php?id=CVE-2021-43296
30 Nov 2021 — Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. • https://manageengine.com • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2021-43295
https://notcve.org/view.php?id=CVE-2021-43295
30 Nov 2021 — Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. • https://manageengine.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-43294
https://notcve.org/view.php?id=CVE-2021-43294
30 Nov 2021 — Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. • https://manageengine.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •