CVE-2020-27733
https://notcve.org/view.php?id=CVE-2020-27733
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. Zoho ManageEngine Applications Manager anterior a la versión 14 build 14880, permite una inyección SQL autenticada por medio de una petición Alarmview diseñada • https://www.manageengine.com/products/applications_manager/issues.html#v14880 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-27733.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-27995
https://notcve.org/view.php?id=CVE-2020-27995
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. Una inyección SQL en Zoho ManageEngine Applications Manager 14 versiones anteriores a 14560, permite a un atacante ejecutar comandos en el servidor por medio del parámetro template_resid del archivo MyPage.do • https://www.manageengine.com/products/applications_manager/issues.html#v14560 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-10816
https://notcve.org/view.php?id=CVE-2020-10816
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. Zoho ManageEngine Applications Manager versiones 14780 y anteriores, permiten a un atacante remoto no autenticado registrar servidores administrados por medio del servlet AAMRequestProcessor • https://gitlab.com/eLeN3Re/CVE-2020-10816 https://www.manageengine.com/au/products/applications_manager/security-updates/security-updates-cve-2020-10816.html • CWE-287: Improper Authentication •
CVE-2020-16267
https://notcve.org/view.php?id=CVE-2020-16267
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. Zoho ManageEngine Applications Manager versión 14740 y anteriores, permite una inyección SQL autenticada por medio de una petición jsp diseñada en el módulo RCA • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v14750 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-16267.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-15927
https://notcve.org/view.php?id=CVE-2020-15927
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. Zoho ManageEngine Applications Manager versión 14740 y anteriores, permite una inyección SQL autenticada por medio de una petición jsp diseñada en el módulo SAP • https://www.manageengine.com https://www.manageengine.com/products/applications_manager/issues.html#v14750 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •