CVE-2021-31160
https://notcve.org/view.php?id=CVE-2021-31160
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. • https://excellium-services.com/cert-xlm-advisory/cve-2021-31160 https://www.manageengine.com/products/service-desk-msp/readme.html#10521
CVE-2021-28958
https://notcve.org/view.php?id=CVE-2021-28958
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. • https://blog.stmcyber.com/vulns/cve-2021-28958 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6102-released-with-an-important-security-fix-21-3-2021 https://www.manageengine.com https://www.manageengine.com/products/self-service-password/release-notes.html#6102 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-31159 – Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
https://notcve.org/view.php?id=CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. Zoho ManageEngine ServiceDesk Plus version 9.4 suffers from a user enumeration vulnerability. • https://www.exploit-db.com/exploits/50027 https://github.com/ricardojoserf/CVE-2021-31159 http://packetstormsecurity.com/files/163192/Zoho-ManageEngine-ServiceDesk-Plus-9.4-User-Enumeration.html https://www.manageengine.com https://www.manageengine.com/products/service-desk-msp/readme.html#10519 • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2021-31857
https://notcve.org/view.php?id=CVE-2021-31857
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. • https://www.manageengine.com https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11104
CVE-2021-20081
https://notcve.org/view.php?id=CVE-2021-20081
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. • https://www.tenable.com/security/research/tra-2021-22