
CVE-2024-5487 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5487
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5487.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-5527 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5527
12 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5527.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-5678 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5678
01 Aug 2024 — Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. • https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-5678.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-6748 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-6748
29 Jul 2024 — Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring. • https://www.manageengine.com/itom/advisory/cve-2024-6748.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-38872 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-38872
26 Jul 2024 — Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38872.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-38871 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-38871
26 Jul 2024 — Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38871.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-5471 – Agent takeover
https://notcve.org/view.php?id=CVE-2024-5471
17 Jul 2024 — Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. • https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-5471.html • CWE-798: Use of Hard-coded Credentials •

CVE-2024-27311 – Arbitrary file writing
https://notcve.org/view.php?id=CVE-2024-27311
17 Jul 2024 — Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. • https://www.manageengine.com/dns-dhcp-ipam/security-updates/cve-2024-27311.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-36038 – Stored XSS
https://notcve.org/view.php?id=CVE-2024-36038
24 Jun 2024 — Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option. • https://www.manageengine.com/itom/advisory/cve-2024-36038.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-27310 – DOS Vulnerability
https://notcve.org/view.php?id=CVE-2024-27310
27 May 2024 — Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP query. Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. • https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-27310.html • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') CWE-400: Uncontrolled Resource Consumption •