CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2021-41827
https://notcve.org/view.php?id=CVE-2021-41827
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive. Zoho ManageEngine Remote Access Plus versiones anteriores a 10.1.2121.1, presenta credenciales embebidas para el acceso de sólo lectura. Las credenciales están en el código fuente que corresponde al archivo JAR DCBackupRestore • https://medium.com/nestedif/vulnerability-disclosure-hardcoded-keys-password-zoho-r-a-p-318aa9bba2e https://www.manageengine.com/remote-desktop-management/hotfix-readme.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2021-41828
https://notcve.org/view.php?id=CVE-2021-41828
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. Zoho ManageEngine Remote Access Plus versiones anteriores a 10.1.2121.1, presenta credenciales embebidas asociadas al archivo resetPWD.xml • https://medium.com/nestedif/vulnerability-disclosure-hardcoded-keys-password-zoho-r-a-p-318aa9bba2e https://www.manageengine.com/remote-desktop-management/hotfix-readme.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2021-41829
https://notcve.org/view.php?id=CVE-2021-41829
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. Zoho ManageEngine Remote Access Plus versiones anteriores a 10.1.2121.1, es basado en el número de compilación de la aplicación para calcular una determinada clave de cifrado • https://medium.com/nestedif/vulnerability-disclosure-statically-derived-encryption-key-zoho-r-a-p-907088263197 https://www.manageengine.com/remote-desktop-management/hotfix-readme.html • CWE-330: Use of Insufficiently Random Values •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2021-37761
https://notcve.org/view.php?id=CVE-2021-37761
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. Zoho ManageEngine ADManager Plus versión 7110 y anteriores es vulnerable a una carga de archivos sin restricciones, conllevando a una ejecución de código remota • https://www.manageengine.com https://www.manageengine.com/products/ad-manager/release-notes.html#7111 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2021-37539
https://notcve.org/view.php?id=CVE-2021-37539
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. Zoho ManageEngine ADManager Plus versiones anteriores a 7111, es vulnerable a un archivo sin restricciones que conlleva a una ejecución de código remota • https://www.manageengine.com https://www.manageengine.com/products/ad-manager/release-notes.html#7111 • CWE-434: Unrestricted Upload of File with Dangerous Type •