Page 2 of 10 results (0.008 seconds)

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 1

CVE-2021-31813

https://notcve.org/view.php?id=CVE-2021-31813

Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. Zoho ManageEngine Applications Manager versiones anteriores a 15130, es vulnerable a un ataque de tipo XSS Almacenado al importar detalles de usuarios maliciosos (por ejemplo, un nombre de usuario diseñado) desde AD • https://raxis.com/blog/cve-2021-31813 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2020-35765

https://notcve.org/view.php?id=CVE-2020-35765

doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. doFilter en com.adventnet.appmanager.filter.UriCollector en Zoho ManageEngine Applications Manager versiones hasta 14930, permite una inyección SQL autenticada por medio del parámetro resourceid en showresource.do • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v15000 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html https://www.tenable.com/security/research/tra-2021-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2020-15533

https://notcve.org/view.php?id=CVE-2020-15533

In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. En Zoho ManageEngine Application Manager versión 14.7 Build 14730 (versiones anteriores a 14684, y entre 14689 y 14750), el módulo AlarmEscalation es vulnerable a un ataque de inyección SQL no autenticado • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v14750 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 1

CVE-2019-19799

https://notcve.org/view.php?id=CVE-2019-19799

Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. Zoho ManageEngine Applications Manager anterior a la versión 14600 permite que un atacante remoto no autenticado revele información relacionada con la licencia a través del servlet WieldFeedServlet. • https://gitlab.com/eLeN3Re/cve-2019-19799 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19799.html • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-19475

https://notcve.org/view.php?id=CVE-2019-19475

An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. Se descubrió un problema en ManageEngine Applications Manager 14 con Build 14360. El PostgreSQL integrado que está incorporado en el Administrador de aplicaciones es propenso a ataques debido a la falta de seguridad de permisos de archivos. • https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html • CWE-276: Incorrect Default Permissions •