
CVE-2024-50053 – Stored XSS
https://notcve.org/view.php?id=CVE-2024-50053
21 Mar 2025 — Zohocorp ManageEngine ServiceDesk Plus versions below 14920, ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. • https://www.manageengine.com/products/service-desk/CVE-2024-50053.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-9097 – IDOR
https://notcve.org/view.php?id=CVE-2024-9097
05 Feb 2025 — ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to an IDOR vulnerability which allows the attacker to change the username in the chat. • https://www.manageengine.com/products/desktop-central/cve-2024-9097.html • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2024-41140 – Improper Authorization
https://notcve.org/view.php?id=CVE-2024-41140
29 Jan 2025 — Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function. • https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-41140.html • CWE-863: Incorrect Authorization

CVE-2024-49574 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-49574
18 Nov 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. • https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-10203 – Agent Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-10203
07 Nov 2024 — Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent-installed machines. • https://www.manageengine.com/products/desktop-central/cve-2024-10203.html • CWE-269: Improper Privilege Management

CVE-2024-9459 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-9459
05 Nov 2024 — Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in the reports module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-9459.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-36485 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36485
04 Nov 2024 — Zohocorp ManageEngine ADAudit Plus versions 8121 and prior are vulnerable to SQL Injection in the Technician reports option. Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the Technician reports option. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36485.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-48878 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-48878
04 Nov 2024 — Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. • https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-5608 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5608
24 Oct 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5608.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-24409 – Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-24409
07 Oct 2024 — Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. ManageEngine ADManager Plus builds prior to 7210 suffer from a privilege escalation vulnerability. • https://github.com/passtheticket/CVE-2024-24409 • CWE-269: Improper Privilege Management