CVSS: 9.8EPSS: 38%CPEs: 6EXPL: 0CVE-2021-37539
https://notcve.org/view.php?id=CVE-2021-37539
27 Sep 2021 — Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. Zoho ManageEngine ADManager Plus versiones anteriores a 7111, es vulnerable a un archivo sin restricciones que conlleva a una ejecución de código remota • https://www.manageengine.com • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37927
https://notcve.org/view.php?id=CVE-2021-37927
22 Sep 2021 — Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. Zoho ManageEngine ADManager Plus versión 7110 y anteriores, permite una toma de control de cuentas por medio de SSO • https://www.manageengine.com • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 21%CPEs: 5EXPL: 0CVE-2021-37925
https://notcve.org/view.php?id=CVE-2021-37925
22 Sep 2021 — Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. Zoho ManageEngine ADManager Plus versión 7110 y anteriores, presenta una vulnerabilidad de inyección de comandos Post-Auth OS • https://www.manageengine.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 5%CPEs: 6EXPL: 0CVE-2021-37741
https://notcve.org/view.php?id=CVE-2021-37741
21 Sep 2021 — ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. ManageEngine ADManager Plus versiones anteriores a 7111, presenta vulnerabilidades de RCE de pre-autenticación • https://www.manageengine.com • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 6%CPEs: 5EXPL: 0CVE-2021-33911
https://notcve.org/view.php?id=CVE-2021-33911
17 Jul 2021 — Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. Zoho ManageEngine ADManager Plus versiones anteriores a 7110, permite una ejecución de código remota • https://www.manageengine.com/products/ad-manager/release-notes.html#7110 •
CVSS: 6.1EPSS: 6%CPEs: 5EXPL: 0CVE-2021-36771
https://notcve.org/view.php?id=CVE-2021-36771
17 Jul 2021 — Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. Zoho ManageEngine ADManager Plus versiones anteriores a 7110, permite un ataque de tipo XSS reflejado • https://www.manageengine.com/products/ad-manager/release-notes.html#7110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 5EXPL: 0CVE-2021-36772
https://notcve.org/view.php?id=CVE-2021-36772
17 Jul 2021 — Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. Zoho ManageEngine ADManager Plus versiones anteriores a 7110, permite un ataque de tipo XSS almacenado • https://www.manageengine.com/products/ad-manager/release-notes.html#7110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 23EXPL: 0CVE-2020-35594
https://notcve.org/view.php?id=CVE-2020-35594
05 Mar 2021 — Zoho ManageEngine ADManager Plus before 7066 allows XSS. Zoho ManageEngine ADManager Plus versiones anteriores a 7066, permite un ataque de tipo XSS • https://www.manageengine.com/products/ad-manager/release-notes.html#7066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 2%CPEs: 152EXPL: 0CVE-2020-24786
https://notcve.org/view.php?id=CVE-2020-24786
31 Aug 2020 — An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166.... • https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5 • CWE-287: Improper Authentication •