CVSS: 9.1EPSS: 38%CPEs: 97EXPL: 1CVE-2023-47211
https://notcve.org/view.php?id=CVE-2023-47211
08 Jan 2024 — A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. Existe una vulnerabilidad de directory traversal en la funcionalidad uploadMib de ManageEngine OpManager 12.7.258. Una solicitud HTTP especialmente manipulada puede dar lugar a la creación de archivos arbitrarios. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 788EXPL: 1CVE-2023-6105 – ManageEngine Information Disclosure in Multiple Products
https://notcve.org/view.php?id=CVE-2023-6105
15 Nov 2023 — An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. Existe una vulnerabilidad de divulgación de información en varios productos ManageEngine que puede provocar la exposición de claves de cifrado... • https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 60%CPEs: 69EXPL: 0CVE-2023-31099
https://notcve.org/view.php?id=CVE-2023-31099
04 May 2023 — Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. • https://manageengine.com •
CVSS: 6.4EPSS: 2%CPEs: 81EXPL: 1CVE-2022-43473
https://notcve.org/view.php?id=CVE-2022-43473
30 Mar 2023 — A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.5EPSS: 0%CPEs: 336EXPL: 0CVE-2022-35404
https://notcve.org/view.php?id=CVE-2022-35404
18 Jul 2022 — ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. ManageEngine Password Manager Pro versiones 12100 y anteriores y OPManager versiones 126100 y anteriores son vulnerables a una creación no autorizada de archivos y directorios en un equipo servidor • https://manageengine.com • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 51%CPEs: 139EXPL: 0CVE-2022-29535
https://notcve.org/view.php?id=CVE-2022-29535
05 May 2022 — Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. Zoho ManageEngine OPManager versiones hasta 125588, permite una inyección SQL por medio de algunos informes por defecto • https://manageengine.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 10%CPEs: 136EXPL: 0CVE-2022-27908
https://notcve.org/view.php?id=CVE-2022-27908
18 Apr 2022 — Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. Zoho ManageEngine OpManager versiones anteriores a 125588 (y antes de 125603) es vulnerable a una inyección SQL autenticada en el módulo de informes de inventario • https://www.manageengine.com/network-monitoring/security-updates/cve-2022-27908.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 36%CPEs: 118EXPL: 0CVE-2021-41075
https://notcve.org/view.php?id=CVE-2021-41075
13 Oct 2021 — The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. El analizador de NetFlow en Zoho ManageEngine OpManger versiones anteriores a 125455, es vulnerable a una inyección SQL en la API del módulo de ataques • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_125455 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 27%CPEs: 111EXPL: 0CVE-2021-40493
https://notcve.org/view.php?id=CVE-2021-40493
13 Oct 2021 — Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. OpManager de Zoho ManageEngine versiones anteriores a 125437, es vulnerable a una inyección SQL en el módulo de diagnósticos de soporte. Esto ocurre por medio del parámetro pollingObject de la API getDataCollectionFailureReason • https://www.manageengine.com/network-monitoring/security-updates/cve-2021-40493.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 22%CPEs: 120EXPL: 0CVE-2021-41288
https://notcve.org/view.php?id=CVE-2021-41288
30 Sep 2021 — Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. Zoho ManageEngine OpManager versión 125466 y por debajo, es vulnerable a una inyección SQL en la API getReportData • https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_125467 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •