CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38868 – Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-38868
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 • https://www.manageengine.com/products/desktop-central/security-updates-ngav.html • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38869 – Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-38869
An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. • https://www.manageengine.com/products/service-desk/CVE-2024-41150.html https://www.manageengine.com/products/desktop-central/security-updates-config-access.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-19554
https://notcve.org/view.php?id=CVE-2020-19554
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en ManageEngine OPManager versiones anteriores a 12.5.174 incluyéndola, cuando la clave API contiene una carga útil XSS basada en XML • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28960
https://notcve.org/view.php?id=CVE-2021-28960
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. Zoho ManageEngine Desktop Central antes de la versión 10.0.683 permite la inyección de comandos no autenticados debido al manejo inadecuado de un comando de entrada en las operaciones bajo demanda • https://www.manageengine.com https://www.manageengine.com/products/desktop-central/unauthenticated-command-injection-vulnerability.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15608 – ManageEngine ADManager Plus 6.5.7 - HTML Injection
https://notcve.org/view.php?id=CVE-2018-15608
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. Zoho ManageEngine ADManager Plus 6.5.7 permite la inyección HTML en la pantalla "Help Desk Technicians" de "AD Delegation". ManageEngine ADManager Plus version 6.5.7 suffers from an html injection vulnerability. • https://www.exploit-db.com/exploits/45254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •