CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-33055
https://notcve.org/view.php?id=CVE-2021-33055
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. Zoho ManageEngine ADSelfService Plus versiones hasta 6102, permite una ejecución de código remota no autenticado en ediciones no Inglesas. • https://blog.stmcyber.com/vulns/cve-2021-33055 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-40172
https://notcve.org/view.php?id=CVE-2021-40172
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. Zoho ManageEngine Log360 versiones anteriores al Build 5219, permite un ataque CSRF en la configuración del proxy. • https://www.manageengine.com/log-management/readme.html#Build%205219 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-40173
https://notcve.org/view.php?id=CVE-2021-40173
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. Zoho ManageEngine Cloud Security Plus versiones anteriores al Build 4117, permite un ataque de tipo CSRF en la configuración del proxy del servidor. • https://www.manageengine.com/cloud-security/release-notes.html#build%204117 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-40174
https://notcve.org/view.php?id=CVE-2021-40174
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. Zoho ManageEngine Log360 versiones anteriores al Build 5224, permite un ataque de tipo CSRF para deshabilitar la configuración de seguridad de inicio de sesión. • https://www.manageengine.com/log-management/readme.html#Build%205224 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 8%CPEs: 10EXPL: 0CVE-2021-40175
https://notcve.org/view.php?id=CVE-2021-40175
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. Zoho ManageEngine Log360 versiones anteriores al Build 5219, permite una carga de archivos sin restricciones con una ejecución de código remota resultante. • https://www.manageengine.com/log-management/readme.html#Build%205219 • CWE-434: Unrestricted Upload of File with Dangerous Type •