CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5467 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5467
23 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5467.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36034 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36034
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option. Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option. • https://www.manageengine.com/products/active-directory-audit/sqlfix-8003.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36035 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36035
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. • https://www.manageengine.com/products/active-directory-audit/sqlfix-8003.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36518 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36518
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36518.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5487 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5487
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5487.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5527 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5527
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5527.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-38872 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-38872
26 Jul 2024 — Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38872.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-38871 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-38871
26 Jul 2024 — Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38871.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27313 – XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-27313
29 May 2024 — Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610. Zoho ManageEngine PAM360 es vulnerable a la vulnerabilidad XSS almacenado. Esta vulnerabilidad es aplicable sólo en la versión 6610. • https://www.manageengine.com/privileged-access-management/advisory/cve-2024-27313.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36037 – Insufficient Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2024-36037
27 May 2024 — Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. Zoho ManageEngine ADAudit Plus versiones 7260 e inferiores permiten que los usuarios no autorizados de la máquina del agente local vean las grabaciones de la sesión. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36037.html • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •