CVSS: 9.8EPSS: 41%CPEs: 69EXPL: 1CVE-2021-41081
https://notcve.org/view.php?id=CVE-2021-41081
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. Zoho ManageEngine Network Configuration Manager versiones anteriores a 125465, es vulnerable a una inyección de SQL en una búsqueda de configuración • https://github.com/sudaiv/CVE-2021-41081 https://www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41081.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 41%CPEs: 69EXPL: 0CVE-2021-41080
https://notcve.org/view.php?id=CVE-2021-41080
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. Zoho ManageEngine Network Configuration Manager versiones anteriores a 125465, es vulnerable a una inyección de SQL en una búsqueda de detalles de hardware • https://www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41080.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 25%CPEs: 7EXPL: 0CVE-2021-42847 – ManageEngine ADAudit Plus Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-42847
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. Zoho ManageEngine ADAudit Plus versiones anteriores a 7006, permite a atacantes escribir y ejecutar archivos arbitrarios • http://packetstormsecurity.com/files/172258/ManageEngine-ADAudit-Plus-Remote-Code-Execution.html https://pitstop.manageengine.com/portal/en/community/topic/fix-released-for-a-vulnerability-in-manageengine-adaudit-plus https://www.manageengine.com/products/active-directory-audit/adaudit-plus-release-notes.html •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-24743
https://notcve.org/view.php?id=CVE-2020-24743
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. Se ha detectado un problema en el archivo /showReports.do Zoho ManageEngine Applications Manager versiones hasta la 14550, permite a atacantes alcanzar privilegios escalados por medio del parámetro resourceid • https://www.manageengine.com/products/applications_manager/issues.html#v14550 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-20136
https://notcve.org/view.php?id=CVE-2021-20136
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup. ManageEngine Log360 Compilaciones anteriores a 5235, están afectadas por una vulnerabilidad de control de acceso inapropiada que permite sobrescribir la configuración de la base de datos. Un atacante remoto no autenticado puede enviar un mensaje especialmente diseñado a Log360 para cambiar su base de datos backend a una base de datos controlada por el atacante y forzar a Log360 a reiniciarse. • https://www.tenable.com/security/research/tra-2021-48 • CWE-306: Missing Authentication for Critical Function •