
CVE-2020-13154
https://notcve.org/view.php?id=CVE-2020-13154
18 May 2020 — Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. • https://gitlab.com/eLeN3Re/CVE-2020-13154 • CWE-862: Missing Authorization

CVE-2019-15083 – ManageEngine Service Desk 10.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15083
14 May 2020 — Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server >

CVE-2020-11531 – ManageEngine DataSecurity Plus Path Traversal / Code Execution
https://notcve.org/view.php?id=CVE-2020-11531
08 May 2020 — The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal. • https://packetstorm.news/files/id/157604 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-11532 – ManageEngine DataSecurity Plus Xnode Enumeration
https://notcve.org/view.php?id=CVE-2020-11532
08 May 2020 — Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user. • https://packetstorm.news/files/id/180701 • CWE-1188: Initialization of a Resource with an Insecure Default

CVE-2020-12116
https://notcve.org/view.php?id=CVE-2020-12116
07 May 2020 — Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. • https://github.com/BeetleChunks/CVE-2020-12116 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-10859
https://notcve.org/view.php?id=CVE-2020-10859
05 May 2020 — Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. • https://www.manageengine.com/products/desktop-central/arbitrary-file-upload-vulnerability.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-11946
https://notcve.org/view.php?id=CVE-2020-11946
20 Apr 2020 — Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. • https://cwe.mitre.org/data/definitions/306.html • CWE-306: Missing Authentication for Critical Function

CVE-2020-11527
https://notcve.org/view.php?id=CVE-2020-11527
04 Apr 2020 — In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#124181

CVE-2020-11518
https://notcve.org/view.php?id=CVE-2020-11518
04 Apr 2020 — Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. • https://pitstop.manageengine.com/portal/community/topic/adselfservice-plus-5815-released-with-an-important-security-fix

CVE-2020-8509
https://notcve.org/view.php?id=CVE-2020-8509
30 Mar 2020 — Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. • https://www.manageengine.com/products/desktop-central/unauthenticated-servlet-access.html • CWE-306: Missing Authentication for Critical Function