CVE-2020-28679
https://notcve.org/view.php?id=CVE-2020-28679
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. Una vulnerabilidad en el módulo showReports de Zoho ManageEngine Applications Manager versiones anteriores a 14550, permite a atacantes autenticados ejecutar una inyección SQL por medio de una petición diseñada • https://www.manageengine.com/products/applications_manager/issues.html#v14550 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-24743
https://notcve.org/view.php?id=CVE-2020-24743
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. Se ha detectado un problema en el archivo /showReports.do Zoho ManageEngine Applications Manager versiones hasta la 14550, permite a atacantes alcanzar privilegios escalados por medio del parámetro resourceid • https://www.manageengine.com/products/applications_manager/issues.html#v14550 •
CVE-2021-35512
https://notcve.org/view.php?id=CVE-2021-35512
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. Se ha detectado un problema de tipo SSRF en Zoho ManageEngine Applications Manager versión build 15200 • https://www.esecforte.com/server-side-request-forgery-india-ssrf-rvd-manage-engine https://www.manageengine.com/products/applications_manager https://www.manageengine.com/products/applications_manager/release-notes.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-31813
https://notcve.org/view.php?id=CVE-2021-31813
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. Zoho ManageEngine Applications Manager versiones anteriores a 15130, es vulnerable a un ataque de tipo XSS Almacenado al importar detalles de usuarios maliciosos (por ejemplo, un nombre de usuario diseñado) desde AD • https://raxis.com/blog/cve-2021-31813 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-35765
https://notcve.org/view.php?id=CVE-2020-35765
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. doFilter en com.adventnet.appmanager.filter.UriCollector en Zoho ManageEngine Applications Manager versiones hasta 14930, permite una inyección SQL autenticada por medio del parámetro resourceid en showresource.do • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v15000 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html https://www.tenable.com/security/research/tra-2021-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •