CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-16267
https://notcve.org/view.php?id=CVE-2020-16267
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. Zoho ManageEngine Applications Manager versión 14740 y anteriores, permite una inyección SQL autenticada por medio de una petición jsp diseñada en el módulo RCA • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v14750 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-16267.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15927
https://notcve.org/view.php?id=CVE-2020-15927
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. Zoho ManageEngine Applications Manager versión 14740 y anteriores, permite una inyección SQL autenticada por medio de una petición jsp diseñada en el módulo SAP • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v14750 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-15533
https://notcve.org/view.php?id=CVE-2020-15533
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. En Zoho ManageEngine Application Manager versión 14.7 Build 14730 (versiones anteriores a 14684, y entre 14689 y 14750), el módulo AlarmEscalation es vulnerable a un ataque de inyección SQL no autenticado • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v14750 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15533.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 89EXPL: 0CVE-2020-15394
https://notcve.org/view.php?id=CVE-2020-15394
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. La API REST en Zoho ManageEngine Applications Manager versiones anteriores a build 14740, permite una inyección SQL no autenticada por medio de una petición diseñada, conllevando a una ejecución de código remota • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v14740 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15394.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 88EXPL: 0CVE-2020-15521
https://notcve.org/view.php?id=CVE-2020-15521
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) . Zoho ManageEngine Applications Manager versiones anteriores a 14 build 14730, no presenta protección contra un Cross-site Scripting (XSS) del archivo jsp/header.jsp • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v14730 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •