CVSS: 5.8EPSS: 8%CPEs: 1EXPL: 0CVE-2024-5678 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5678
01 Aug 2024 — Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. Zohocorp ManageEngine Applications Manager versiones 170900 e inferiores son vulnerables a la inyección SQL autenticada solo para administradores en la función Create Monitor. Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. • https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2024-5678.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 57%CPEs: 7EXPL: 0CVE-2023-38333 – ManageEngine Applications Manager SingleSignOn Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38333
10 Aug 2023 — Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Applications Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SingleSignOn page. The issue results from the lack of proper validation of user-supplied data, which can lead to the inj... • https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 57%CPEs: 12EXPL: 0CVE-2023-29442
https://notcve.org/view.php?id=CVE-2023-29442
26 Apr 2023 — Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. • https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 6%CPEs: 4EXPL: 0CVE-2023-28340
https://notcve.org/view.php?id=CVE-2023-28340
11 Apr 2023 — Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. • https://manageengine.com • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.4EPSS: 80%CPEs: 7EXPL: 0CVE-2023-28341
https://notcve.org/view.php?id=CVE-2023-28341
11 Apr 2023 — Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. • https://manageengine.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 1%CPEs: 4EXPL: 1CVE-2022-23050
https://notcve.org/view.php?id=CVE-2022-23050
24 May 2022 — ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. ManageEngine AppManager15 (Build No:15510) permite a un usuario administrador autenticado subir un archivo DLL para llevar a cabo un ataque de secuestro de DLL dentro de la carpeta "working" mediante la funcionalidad "Upload Files / Binaries" • https://fluidattacks.com/advisories/cerati • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 4%CPEs: 157EXPL: 0CVE-2020-28679
https://notcve.org/view.php?id=CVE-2020-28679
10 Jan 2022 — A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. Una vulnerabilidad en el módulo showReports de Zoho ManageEngine Applications Manager versiones anteriores a 14550, permite a atacantes autenticados ejecutar una inyección SQL por medio de una petición diseñada • https://www.manageengine.com/products/applications_manager/issues.html#v14550 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 21%CPEs: 7EXPL: 0CVE-2020-24743
https://notcve.org/view.php?id=CVE-2020-24743
03 Nov 2021 — An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. Se ha detectado un problema en el archivo /showReports.do Zoho ManageEngine Applications Manager versiones hasta la 14550, permite a atacantes alcanzar privilegios escalados por medio del parámetro resourceid • https://www.manageengine.com/products/applications_manager/issues.html#v14550 •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2021-35512
https://notcve.org/view.php?id=CVE-2021-35512
21 Oct 2021 — An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. Se ha detectado un problema de tipo SSRF en Zoho ManageEngine Applications Manager versión build 15200 • https://www.esecforte.com/server-side-request-forgery-india-ssrf-rvd-manage-engine • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 29%CPEs: 5EXPL: 1CVE-2021-31813
https://notcve.org/view.php?id=CVE-2021-31813
01 Jul 2021 — Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. Zoho ManageEngine Applications Manager versiones anteriores a 15130, es vulnerable a un ataque de tipo XSS Almacenado al importar detalles de usuarios maliciosos (por ejemplo, un nombre de usuario diseñado) desde AD • https://raxis.com/blog/cve-2021-31813 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •