
CVE-2024-27314 – Stored XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-27314
27 May 2024 — Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by users with the SDAdmin role. • https://www.manageengine.com/products/service-desk/cve-2024-27314.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-49335
https://notcve.org/view.php?id=CVE-2023-49335
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server details. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-49334
https://notcve.org/view.php?id=CVE-2023-49334
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while exporting a full summary report. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-49333
https://notcve.org/view.php?id=CVE-2023-49333
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph feature. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-49332
https://notcve.org/view.php?id=CVE-2023-49332
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file shares. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-49331
https://notcve.org/view.php?id=CVE-2023-49331
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search option. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-27312 – Authorization vulnerability in PAM360
https://notcve.org/view.php?id=CVE-2024-27312
20 May 2024 — Zoho ManageEngine PAM360 version 6601 is vulnerable to an authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability. • https://www.manageengine.com/privileged-access-management/advisory/cve-2024-27312.html • CWE-862: Missing Authorization • CWE-863: Incorrect Authorization

CVE-2023-49330
https://notcve.org/view.php?id=CVE-2023-49330
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting aggregate report data. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-21775 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-21775
16 Feb 2024 — Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to authenticated SQL injection in the report exporting feature. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-21775.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-19554
https://notcve.org/view.php?id=CVE-2020-19554
21 Sep 2021 — A cross-site scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')