CVE-2020-35682
https://notcve.org/view.php?id=CVE-2020-35682
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11134, permite una omisión de autenticación (solo durante el inicio de sesión SAML) • https://github.com/its-arun/CVE-2020-35682 https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134 • CWE-863: Incorrect Authorization •
CVE-2020-14048
https://notcve.org/view.php?id=CVE-2020-14048
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11.1, build 11115, permite a atacantes remotos no autenticados cambiar el estado de instalación de los agentes desplegados • https://gitlab.com/eLeN3Re/CVE-2020-14048 https://www.manageengine.com/products/service-desk/on-premises/readme.html • CWE-306: Missing Authentication for Critical Function •
CVE-2020-6843 – ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-6843
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 permite un ataque de cross-site scripting (XSS). Este problema se solucionó en la versión 11.0 Build 11010, SD-83959. ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2020/Jan/32 https://sec-consult.com/en/vulnerability-lab/advisories/index.html https://seclists.org/bugtraq/2020/Jan/34 https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-15045 – Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure
https://notcve.org/view.php?id=CVE-2019-15045
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality ** EN DISPUTA ** AjaxDomainServlet en Zoho ManageEngine ServiceDesk Plus versión 10 permite la enumeración de usuarios. NOTA: la posición del proveedor es que esta es la funcionalidad prevista. Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. • http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html http://seclists.org/fulldisclosure/2019/Aug/17 https://www.manageengine.com/products/service-desk/readme.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-15046 – Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure
https://notcve.org/view.php?id=CVE-2019-15046
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. Zoho ManageEngine ServiceDesk Plus 10 anteriores a la versión 10509, permite el filtrado de información confidencial no autenticada durante la replicación de Fail Over Service (FOS), también se conoce como SD-79989. Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. • http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html http://seclists.org/fulldisclosure/2019/Aug/17 https://seclists.org/bugtraq/2019/Aug/37 https://www.manageengine.com/products/service-desk/readme.html#10509 • CWE-287: Improper Authentication •