CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 0CVE-2021-44525
https://notcve.org/view.php?id=CVE-2021-44525
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. Zoho ManageEngine PAM360 versiones anteriores a la compilación 5303, permite a atacantes modificar algunos aspectos del estado de la aplicación debido a una omisión de filtro en la autenticación no es requerida • https://pitstop.manageengine.com/portal/en/community/topic/title-security-advisory-for-cve-2021-44525-authentication-bypass-vulnerability-in-manageengine-pam360 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2021-44675
https://notcve.org/view.php?id=CVE-2021-44675
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10.5 Build 10534, es vulnerable a una ejecución de código remota sin autenticación debido a una omisión de filtro en la que no es requerida autenticación • https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerabilities-in-servicedesk-plus-msp-that-could-lead-to-remote-code-execution • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2021-44676
https://notcve.org/view.php?id=CVE-2021-44676
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. Zoho ManageEngine Access Manager Plus versiones anteriores a 4203, permite a cualquiera visualizar algunos elementos de datos (por ejemplo, detalles de control de acceso) y modificar algunos aspectos del estado de la aplicación • https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-access-manager-plus-build-4202-and-prior https://www.manageengine.com • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 97%CPEs: 4EXPL: 1CVE-2021-44515 – Zoho Desktop Central Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. • https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html •
CVSS: 9.8EPSS: 0%CPEs: 130EXPL: 0CVE-2021-44514
https://notcve.org/view.php?id=CVE-2021-44514
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. OpUtils en Zoho ManageEngine OpManager 12.5 antes de 125490 maneja mal la autenticación para algunos directorios de auditoría • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_125490 • CWE-287: Improper Authentication •