CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-24978
https://notcve.org/view.php?id=CVE-2022-24978
05 Apr 2022 — Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. Zoho ManageEngine ADAudit Plus versiones anteriores a 7055, permite una escalada de privilegios autenticada en productos integrados. Esto ocurre porque un campo de contraseña está presente en una respuesta JSON • https://manageengine.com • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 22%CPEs: 7EXPL: 1CVE-2021-42847 – ManageEngine ADAudit Plus Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-42847
11 Nov 2021 — Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. Zoho ManageEngine ADAudit Plus versiones anteriores a 7006, permite a atacantes escribir y ejecutar archivos arbitrarios • https://packetstorm.news/files/id/172258 •
CVSS: 10.0EPSS: 3%CPEs: 152EXPL: 0CVE-2020-24786
https://notcve.org/view.php?id=CVE-2020-24786
31 Aug 2020 — An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166.... • https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 7%CPEs: 2EXPL: 3CVE-2020-11531 – ManageEngine DataSecurity Plus Path Traversal / Code Execution
https://notcve.org/view.php?id=CVE-2020-11531
08 May 2020 — The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal. La aplicación DataEngine Xnode Server en Zoho ManageEngine DataSecurity Plus versiones anteriores a 6.0.1, no comprueba el nombre del esquema de la base de datos al manejar una pe... • https://packetstorm.news/files/id/157604 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 17%CPEs: 2EXPL: 5CVE-2020-11532 – ManageEngine DataSecurity Plus Xnode Enumeration
https://notcve.org/view.php?id=CVE-2020-11532
08 May 2020 — Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user. Zoho ManageEngine DataSecurity Plus versiones anteriores a 6.0.1, utiliza credenciales de administrador predeterminadas para comunicarse con un servidor DataEngine Xnode. Esto permite a un atacante omitir la autenticación para este servidor y ejecutar todas las... • https://packetstorm.news/files/id/180701 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19118
https://notcve.org/view.php?id=CVE-2018-19118
13 Dec 2018 — Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. Zoho ManageEngine ADAudit en versiones anteriores a la 5.1 build 5120 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en pila) mediante el campo "Domain Name" al añadir un nuevo dominio. • https://www.manageengine.com/products/active-directory-audit/adaudit-plus-release-notes.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10466
https://notcve.org/view.php?id=CVE-2018-10466
29 May 2018 — Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. Zoho ManageEngine ADAudit Plus en versiones anteriores a la 5.0.0 build 5100 permite la inyección SQL ciega. • https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-10466 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •