CVSS: 9.8EPSS: 9%CPEs: 139EXPL: 0CVE-2022-29535
https://notcve.org/view.php?id=CVE-2022-29535
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. Zoho ManageEngine OPManager versiones hasta 125588, permite una inyección SQL por medio de algunos informes por defecto • https://manageengine.com https://www.manageengine.com/network-monitoring/security-updates/cve-2022-29535.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 136EXPL: 0CVE-2022-27908
https://notcve.org/view.php?id=CVE-2022-27908
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. Zoho ManageEngine OpManager versiones anteriores a 125588 (y antes de 125603) es vulnerable a una inyección SQL autenticada en el módulo de informes de inventario • https://www.manageengine.com/network-monitoring/security-updates/cve-2022-27908.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 118EXPL: 0CVE-2021-41075
https://notcve.org/view.php?id=CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. El analizador de NetFlow en Zoho ManageEngine OpManger versiones anteriores a 125455, es vulnerable a una inyección SQL en la API del módulo de ataques • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_125455 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 4%CPEs: 111EXPL: 0CVE-2021-40493
https://notcve.org/view.php?id=CVE-2021-40493
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. OpManager de Zoho ManageEngine versiones anteriores a 125437, es vulnerable a una inyección SQL en el módulo de diagnósticos de soporte. Esto ocurre por medio del parámetro pollingObject de la API getDataCollectionFailureReason • https://www.manageengine.com/network-monitoring/security-updates/cve-2021-40493.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 3%CPEs: 120EXPL: 0CVE-2021-41288
https://notcve.org/view.php?id=CVE-2021-41288
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. Zoho ManageEngine OpManager versión 125466 y por debajo, es vulnerable a una inyección SQL en la API getReportData • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_125467 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •