
CVE-2021-44514
https://notcve.org/view.php?id=CVE-2021-44514
09 Dec 2021 — OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_125490 • CWE-287: Improper Authentication •

CVE-2021-41075
https://notcve.org/view.php?id=CVE-2021-41075
13 Oct 2021 — The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API. • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_125455 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-40493
https://notcve.org/view.php?id=CVE-2021-40493
13 Oct 2021 — Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. • https://www.manageengine.com/network-monitoring/security-updates/cve-2021-40493.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-41288
https://notcve.org/view.php?id=CVE-2021-41288
30 Sep 2021 — Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_125467 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-3287 – ManageEngine OpManager SumPDU Java Deserialization
https://notcve.org/view.php?id=CVE-2021-3287
22 Apr 2021 — Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote atta... • https://packetstorm.news/files/id/164231 • CWE-502: Deserialization of Untrusted Data •

CVE-2021-20078
https://notcve.org/view.php?id=CVE-2021-20078
01 Apr 2021 — Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS. • https://www.tenable.com/security/research/tra-2021-10 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2020-28653 – ManageEngine OpManager SumPDU Java Deserialization
https://notcve.org/view.php?id=CVE-2020-28653
03 Feb 2021 — Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abus... • https://packetstorm.news/files/id/164231 •

CVE-2020-13818 – ManageEngine OpManager OpmSkipFilter Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-13818
04 Jun 2020 — In Zoho ManageEngine OpManager before 125144, when

CVE-2020-12116
https://notcve.org/view.php?id=CVE-2020-12116
07 May 2020 — Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. • https://github.com/BeetleChunks/CVE-2020-12116 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2020-11946
https://notcve.org/view.php?id=CVE-2020-11946
20 Apr 2020 — Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. • https://cwe.mitre.org/data/definitions/306.html • CWE-306: Missing Authentication for Critical Function •