CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12959
https://notcve.org/view.php?id=CVE-2019-12959
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. Server Side Request Forgery (SSRF) existe en Zoho ManageEngine AssetExplorer versión 6.2.0 y anteriores para el servlet ClientUtilServlet a través de una URL en un parámetro. • https://excellium-services.com/cert-xlm-advisory/cve-2019-12959 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12994
https://notcve.org/view.php?id=CVE-2019-12994
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. Server Side Request Forgery (SSRF) existe en Zoho ManageEngine AssetExplorer versión 6.2.0 para el servlet AJaxServlet a través de un parámetro en una URL. • https://www.excellium-services.com/cert-xlm-advisory/CVE-2019-12994 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14693
https://notcve.org/view.php?id=CVE-2019-14693
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. Zoho ManageEngine AssetExplorer versión 6.2.0 es vulnerable a un ataque de inyección de entidad externa XML (XXE) cuando procesa datos XML de licencia. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://www.excellium-services.com/cert-xlm-advisory/cve-2019-14693 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2019-12537
https://notcve.org/view.php?id=CVE-2019-12537
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. Se detectó un problema en ManageEngine AssetExplorer de Zoho. Se presenta un problema de tipo XSS por medio del campo de búsqueda SearchN.do. • http://www.securityfocus.com/bid/109364 https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine https://www.manageengine.com/products/asset-explorer/readme.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2019-12595
https://notcve.org/view.php?id=CVE-2019-12595
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. Se detectó un problema en ManageEngine AssetExplorer de Zoho. Se presenta un problema de tipo XSS por medio del parámetro RCSettings.do rdsName. • http://www.securityfocus.com/bid/109364 https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine https://www.manageengine.com/products/asset-explorer/sp-readme.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •