CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-36772
https://notcve.org/view.php?id=CVE-2021-36772
Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. Zoho ManageEngine ADManager Plus versiones anteriores a 7110, permite un ataque de tipo XSS almacenado • https://www.manageengine.com/products/ad-manager/release-notes.html#7110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 1%CPEs: 6EXPL: 1CVE-2021-31874
https://notcve.org/view.php?id=CVE-2021-31874
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. Zoho ManageEngine ADSelfService Plus versiones anteriores a 6104, en raras situaciones, permite a atacantes obtener información confidencial sobre la aplicación de base de datos de sincronización de contraseñas • https://blog.stmcyber.com/vulns/cve-2021-31874 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 1CVE-2021-31813
https://notcve.org/view.php?id=CVE-2021-31813
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. Zoho ManageEngine Applications Manager versiones anteriores a 15130, es vulnerable a un ataque de tipo XSS Almacenado al importar detalles de usuarios maliciosos (por ejemplo, un nombre de usuario diseñado) desde AD • https://raxis.com/blog/cve-2021-31813 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2021-31813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 0CVE-2021-31531
https://notcve.org/view.php?id=CVE-2021-31531
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10521, es vulnerable a ataques de tipo Server-Side Request Forgery (SSRF) • https://excellium-services.com/cert-xlm-advisory/cve-2021-31531 https://www.manageengine.com/products/service-desk-msp/readme.html#10521 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 0CVE-2021-31530
https://notcve.org/view.php?id=CVE-2021-31530
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10522, es vulnerable a una Divulgación de Información • https://excellium-services.com/cve-2021-31530 https://www.manageengine.com/products/service-desk-msp/readme.html#10522 •