CVE-2020-28050
https://notcve.org/view.php?id=CVE-2020-28050
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. Zoho ManageEngine Desktop Central anteriores al build 10.0.647, permite a un único secreto de autenticación de múltiples agentes comunicarse con el servidor • https://www.manageengine.com/products/desktop-central/cve-2020-28050.html https://www.manageengine.com/products/desktop-central/fixing-multiple-vulnerabilities.html • CWE-287: Improper Authentication •
CVE-2020-24397
https://notcve.org/view.php?id=CVE-2020-24397
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. Se detectó un problema en el lado del cliente de Zoho ManageEngine Desktop Central versión 10.0.0.SP-534. Un servidor controlado por un atacante puede desencadenar un desbordamiento de enteros en las funciones InternetSendRequestEx e InternetSendRequestByBitrate que desencadena un desbordamiento del búfer en la región heap de la memoria y una Ejecución de Código Remota con privilegios SYSTEM • https://www.manageengine.com/products/desktop-central https://www.manageengine.com/products/desktop-central/integer-overflow-vulnerability.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2020-15588
https://notcve.org/view.php?id=CVE-2020-15588
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication. Se detectó un problema en el lado del cliente de Zoho ManageEngine Desktop Central versión 10.0.552.W. • https://www.manageengine.com/products/desktop-central/integer-overflow-vulnerability.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2020-10859
https://notcve.org/view.php?id=CVE-2020-10859
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. Zoho ManageEngine Desktop Central versiones anteriores a 10.0.484, permite una escritura de archivos arbitrarios autenticados durante una extracción de archivos ZIP por medio de un Salto de Directorio en una petición de la API AppDependency diseñada. • https://www.manageengine.com/products/desktop-central/arbitrary-file-upload-vulnerability.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-8509
https://notcve.org/view.php?id=CVE-2020-8509
Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. Zoho ManageEngine Desktop Centralen versiones anteriores a la 10.0.483 permite a los usuarios no autentificados acceder a PDFGenerationServlet, conllevando a una divulgación de información confidencial. • https://www.manageengine.com/products/desktop-central/unauthenticated-servlet-access.html • CWE-306: Missing Authentication for Critical Function •