CVE-2021-31813
https://notcve.org/view.php?id=CVE-2021-31813
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. Zoho ManageEngine Applications Manager versiones anteriores a 15130, es vulnerable a un ataque de tipo XSS Almacenado al importar detalles de usuarios maliciosos (por ejemplo, un nombre de usuario diseñado) desde AD • https://raxis.com/blog/cve-2021-31813 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-35765
https://notcve.org/view.php?id=CVE-2020-35765
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. doFilter en com.adventnet.appmanager.filter.UriCollector en Zoho ManageEngine Applications Manager versiones hasta 14930, permite una inyección SQL autenticada por medio del parámetro resourceid en showresource.do • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v15000 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html https://www.tenable.com/security/research/tra-2021-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-27733
https://notcve.org/view.php?id=CVE-2020-27733
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. Zoho ManageEngine Applications Manager anterior a la versión 14 build 14880, permite una inyección SQL autenticada por medio de una petición Alarmview diseñada • https://www.manageengine.com/products/applications_manager/issues.html#v14880 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-27733.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-27995
https://notcve.org/view.php?id=CVE-2020-27995
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. Una inyección SQL en Zoho ManageEngine Applications Manager 14 versiones anteriores a 14560, permite a un atacante ejecutar comandos en el servidor por medio del parámetro template_resid del archivo MyPage.do • https://www.manageengine.com/products/applications_manager/issues.html#v14560 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-15533
https://notcve.org/view.php?id=CVE-2020-15533
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. En Zoho ManageEngine Application Manager versión 14.7 Build 14730 (versiones anteriores a 14684, y entre 14689 y 14750), el módulo AlarmEscalation es vulnerable a un ataque de inyección SQL no autenticado • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v14750 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •