CVE-2022-29457 – ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure
https://notcve.org/view.php?id=CVE-2022-29457
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. Zoho ManageEngine ADSelfService Plus versiones anteriores a 6121, ADAuditPlus versión 7060, Exchange Reporter Plus versión 5701, y ADManagerPlus versión 7131, permiten una divulgación de NTLM Hash durante determinados pasos de configuración de la ruta de almacenamiento ManageEngine ADSelfService Plus build 6118 suffers from an NTLMv2 hash exposure vulnerability. • https://www.exploit-db.com/exploits/50904 http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability https://www.manageengine.com/products/self-service-password/release-notes.html • CWE-522: Insufficiently Protected Credentials •
CVE-2022-28219 – ManageEngine ADAudit Plus Path Traversal / XML Injection
https://notcve.org/view.php?id=CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. Cewolf en Zoho ManageEngine ADAudit Plus antes de 7060 es vulnerable a un ataque XXE no autenticado que conduce a la ejecución remota de código • https://github.com/horizon3ai/CVE-2022-28219 https://github.com/aeifkz/CVE-2022-28219-Like http://cewolf.sourceforge.net/new/index.html http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html https://manageengine.com https://www.horizon3.ai/red-team-blog-cve-2022-28219 https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html https://attackerkb.com/topics/Zx3qJlmRGY/cve-2022-28219/rapid7-analysis • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-24978
https://notcve.org/view.php?id=CVE-2022-24978
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. Zoho ManageEngine ADAudit Plus versiones anteriores a 7055, permite una escalada de privilegios autenticada en productos integrados. Esto ocurre porque un campo de contraseña está presente en una respuesta JSON • https://manageengine.com https://pitstop.manageengine.com/portal/en/community/topic/cve-2022-24978-privilege-escalation-vulnerability-manageengine-adaudit-plus • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials •
CVE-2021-42847 – ManageEngine ADAudit Plus Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-42847
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. Zoho ManageEngine ADAudit Plus versiones anteriores a 7006, permite a atacantes escribir y ejecutar archivos arbitrarios • http://packetstormsecurity.com/files/172258/ManageEngine-ADAudit-Plus-Remote-Code-Execution.html https://pitstop.manageengine.com/portal/en/community/topic/fix-released-for-a-vulnerability-in-manageengine-adaudit-plus https://www.manageengine.com/products/active-directory-audit/adaudit-plus-release-notes.html •
CVE-2020-24786
https://notcve.org/view.php?id=CVE-2020-24786
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise. Se detectó un problema en Zoho ManageEngine Exchange Reporter Plus antes del número de compilación 5510, AD360 antes del número de compilación 4228, ADSelfService Plus antes del número de compilación 5817, DataSecurity Plus antes del número de compilación 6033, RecoverManager Plus antes del número de compilación 6017, EventLog Analyzer antes del número de compilación 12136, ADAudit Además, antes del número de compilación 6052, O365 Manager Plus antes del número de compilación 4334, Cloud Security Plus antes del número de compilación 4110, ADManager Plus antes del número de compilación 7055 y Log360 antes del número de compilación 5166. El servlet de Java com.manageengine.ads.fw.servlet.UpdateProductDetails accesible remotamente es propenso a una omisión de autenticación. • https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5 https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020 https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration • CWE-287: Improper Authentication •