CVSS: 9.8EPSS: 1%CPEs: 104EXPL: 0CVE-2021-42099
https://notcve.org/view.php?id=CVE-2021-42099
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Zoho ManageEngine M365 Manager Plus versiones anteriores a 4421, es vulnerable a una ejecución de código remota de carga de archivos • https://www.manageengine.com https://www.manageengine.com/microsoft-365-management-reporting/release-notes.html#4421 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 4%CPEs: 124EXPL: 0CVE-2021-43319
https://notcve.org/view.php?id=CVE-2021-43319
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. Zoho ManageEngine Network Configuration Manager versiones anteriores a 125488, es vulnerable a una inyección de comandos debido a que la comprobación de la funcionalidad Ping no es apropiada • https://manageengine.com https://www.manageengine.com/network-configuration-manager/release-notes.html#125488 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-43296
https://notcve.org/view.php?id=CVE-2021-43296
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11016, es vulnerable a un ataque de tipo SSRF en ActionExecutor • https://manageengine.com https://www.manageengine.com/products/support-center/readme.html#11016 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2021-43295
https://notcve.org/view.php?id=CVE-2021-43295
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11016, es vulnerable a un ataque de tipo XSS Reflejado en el módulo Accounts • https://manageengine.com https://www.manageengine.com/products/support-center/readme.html#11016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2021-43294
https://notcve.org/view.php?id=CVE-2021-43294
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11016, es vulnerable a un ataque de tipo XSS Reflejado en el módulo Products • https://manageengine.com https://www.manageengine.com/products/support-center/readme.html#11016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •