CVSS: 7.5 • EPSS: 11% • CPEs: 1 • EXPL: 1

30 Sep 2021 — Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive. • https://medium.com/nestedif/vulnerability-disclosure-hardcoded-keys-password-zoho-r-a-p-318aa9bba2e • CWE-798: Use of Hard-coded Credentials

CVSS: 7.5 • EPSS: 11% • CPEs: 1 • EXPL: 1

30 Sep 2021 — Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. • https://medium.com/nestedif/vulnerability-disclosure-hardcoded-keys-password-zoho-r-a-p-318aa9bba2e • CWE-798: Use of Hard-coded Credentials

CVSS: 7.5 • EPSS: 6% • CPEs: 1 • EXPL: 1

30 Sep 2021 — Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. • https://medium.com/nestedif/vulnerability-disclosure-statically-derived-encryption-key-zoho-r-a-p-907088263197 • CWE-330: Use of Insufficiently Random Values

CVSS: 9.8 • EPSS: 37% • CPEs: 6 • EXPL: 0

27 Sep 2021 — Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. • https://www.manageengine.com • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 38% • CPEs: 6 • EXPL: 0

27 Sep 2021 — Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file upload, which leads to remote code execution. • https://www.manageengine.com • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

22 Sep 2021 — Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. • https://www.manageengine.com • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 9.8 • EPSS: 21% • CPEs: 5 • EXPL: 0

22 Sep 2021 — Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. • https://www.manageengine.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.8 • EPSS: 5% • CPEs: 6 • EXPL: 0

21 Sep 2021 — ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. • https://www.manageengine.com • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.5 • EPSS: 7% • CPEs: 14 • EXPL: 1

21 Sep 2021 — Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. • https://blog.stmcyber.com/vulns/cve-2021-37419 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.5 • EPSS: 1% • CPEs: 14 • EXPL: 1

21 Sep 2021 — Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. • https://blog.stmcyber.com/vulns/cve-2021-37420 • CWE-306: Missing Authentication for Critical Function