CVE-2022-26653
https://notcve.org/view.php?id=CVE-2022-26653
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). • https://raxis.com/blog/cve-2022-26653-and-cve-2022-26777 https://www.manageengine.com/remote-desktop-management/advisory/cve-2022-26653.html • CWE-425: Direct Request ('Forced Browsing')
CVE-2022-26777
https://notcve.org/view.php?id=CVE-2022-26777
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. • https://raxis.com/blog/cve-2022-26653-and-cve-2022-26777 https://www.manageengine.com/remote-desktop-management/advisory/cve-2022-26777.html • CWE-425: Direct Request ('Forced Browsing')
CVE-2022-24681
https://notcve.org/view.php?id=CVE-2022-24681
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. • https://manageengine.com https://raxis.com/blog/cve-2022-24681 https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-28219 – ManageEngine ADAudit Plus Path Traversal / XML Injection
https://notcve.org/view.php?id=CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. • https://github.com/horizon3ai/CVE-2022-28219 https://github.com/aeifkz/CVE-2022-28219-Like http://cewolf.sourceforge.net/new/index.html http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html https://manageengine.com https://www.horizon3.ai/red-team-blog-cve-2022-28219 https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html https://attackerkb.com/topics/Zx3qJlmRGY/cve-2022-28219/rapid7-analysis • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2022-25373
https://notcve.org/view.php?id=CVE-2022-25373
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. • https://manageengine.com https://pitstop.manageengine.com/portal/en/community/topic/manageengine-supportcenter-plus-version-11-0-build-11020-released https://raxis.com/blog/cve-2022-25373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')