CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38868 – Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-38868
30 Aug 2024 — Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 • https://www.manageengine.com/products/desktop-central/security-updates-ngav.html • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-5546 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5546
28 Aug 2024 — Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. • https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2024-5546.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38869 – Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-38869
23 Aug 2024 — An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. Zohocorp ManageEngine Endpoint C... • https://www.manageengine.com/products/service-desk/CVE-2024-41150.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5586 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5586
23 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5586.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5556 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5556
23 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5556.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5490 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5490
23 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5490.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36514 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36514
23 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36514.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36515 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36515
23 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard. Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36515.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36516 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36516
23 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard. Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36516.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36517 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36517
23 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module. Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36517.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •