CVE-2022-25245
https://notcve.org/view.php?id=CVE-2022-25245
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. • https://manageengine.com https://raxis.com/blog/cve-2022-25245 https://www.manageengine.com/products/service-desk/cve-2022-25245.html • CWE-306: Missing Authentication for Critical Function
CVE-2022-24978
https://notcve.org/view.php?id=CVE-2022-24978
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. • https://manageengine.com https://pitstop.manageengine.com/portal/en/community/topic/cve-2022-24978-privilege-escalation-vulnerability-manageengine-adaudit-plus • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials
CVE-2022-24447
https://notcve.org/view.php?id=CVE-2022-24447
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. • https://excellium-services.com/cert-xlm-advisory/cve-2022-24447 https://www.manageengine.com/key-manager/release-notes.html#6200
CVE-2022-24305
https://notcve.org/view.php?id=CVE-2022-24305
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. • https://www.manageengine.com/sharepoint-management-reporting/release-notes.html#4329
CVE-2022-24306
https://notcve.org/view.php?id=CVE-2022-24306
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. • https://www.manageengine.com/sharepoint-management-reporting/release-notes.html#4329 • CWE-863: Incorrect Authorization