CVE-2021-37927
https://notcve.org/view.php?id=CVE-2021-37927
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. • https://www.manageengine.com https://www.manageengine.com/products/ad-manager/release-notes.html#7111 https://www.manageengine.com/products/self-service-password/release-notes.html#6110 • CWE-347: Improper Verification of Cryptographic Signature
CVE-2021-37925
https://notcve.org/view.php?id=CVE-2021-37925
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. • https://www.manageengine.com https://www.manageengine.com/products/ad-manager/release-notes.html#7111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-37741
https://notcve.org/view.php?id=CVE-2021-37741
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. • https://www.manageengine.com https://www.manageengine.com/products/ad-manager/release-notes.html#7111 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-37419
https://notcve.org/view.php?id=CVE-2021-37419
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. • https://blog.stmcyber.com/vulns/cve-2021-37419 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release https://www.manageengine.com • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-37420
https://notcve.org/view.php?id=CVE-2021-37420
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. • https://blog.stmcyber.com/vulns/cve-2021-37420 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release https://www.manageengine.com • CWE-306: Missing Authentication for Critical Function