Vulnerabilites related to zohocorp - manageengine_admanager_plus
cve-2021-37761
Vulnerability from cvelistv5
Published
2021-09-27 16:23
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:07.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T16:23:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37761",
"datePublished": "2021-09-27T16:23:04",
"dateReserved": "2021-08-01T00:00:00",
"dateUpdated": "2024-08-04T01:30:07.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17552
Vulnerability from cvelistv5
Published
2018-02-07 17:00
Modified
2024-08-05 20:51
Severity ?
EPSS score ?
Summary
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:32.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://umbrielsecurity.wordpress.com/2018/01/31/dangerous-url-redirection-and-csrf-in-zoho-manageengine-ad-manager-plus-cve-2017-17552/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-07T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://umbrielsecurity.wordpress.com/2018/01/31/dangerous-url-redirection-and-csrf-in-zoho-manageengine-ad-manager-plus-cve-2017-17552/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://umbrielsecurity.wordpress.com/2018/01/31/dangerous-url-redirection-and-csrf-in-zoho-manageengine-ad-manager-plus-cve-2017-17552/",
"refsource": "MISC",
"url": "https://umbrielsecurity.wordpress.com/2018/01/31/dangerous-url-redirection-and-csrf-in-zoho-manageengine-ad-manager-plus-cve-2017-17552/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17552",
"datePublished": "2018-02-07T17:00:00",
"dateReserved": "2017-12-11T00:00:00",
"dateUpdated": "2024-08-05T20:51:32.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37929
Vulnerability from cvelistv5
Published
2021-10-07 15:22
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:22:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37929",
"datePublished": "2021-10-07T15:22:26",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-24409
Vulnerability from cvelistv5
Published
2024-11-08 08:01
Modified
2024-11-08 14:20
Severity ?
EPSS score ?
Summary
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADManager Plus |
Version: 0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "manageengine_admanager_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThanOrEqual": "7203",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T14:19:23.042539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T14:20:25.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/ad-manager/",
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ADManager Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThanOrEqual": "7203",
"status": "affected",
"version": "0",
"versionType": "7203"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "metin kandemir"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to\u0026nbsp;Privilege Escalation in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eModify Computers option.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to\u00a0Privilege Escalation in the\u00a0Modify Computers option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T08:01:12.844Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-24409.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-24409",
"datePublished": "2024-11-08T08:01:12.844Z",
"dateReserved": "2024-01-25T09:12:44.368Z",
"dateUpdated": "2024-11-08T14:20:25.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37424
Vulnerability from cvelistv5
Published
2021-09-21 12:50
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:04.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T12:50:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37424",
"datePublished": "2021-09-21T12:50:36",
"dateReserved": "2021-07-23T00:00:00",
"dateUpdated": "2024-08-04T01:16:04.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37922
Vulnerability from cvelistv5
Published
2021-10-07 15:34
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:34:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37922",
"datePublished": "2021-10-07T15:34:18",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5050
Vulnerability from cvelistv5
Published
2011-11-23 01:00
Modified
2024-08-07 04:09
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/64857 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/40355 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/39901 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/58860 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64857",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/64857"
},
{
"name": "40355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40355"
},
{
"name": "39901",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39901"
},
{
"name": "admanager-remoteshare-xss(58860)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64857",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/64857"
},
{
"name": "40355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40355"
},
{
"name": "39901",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39901"
},
{
"name": "admanager-remoteshare-xss(58860)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64857",
"refsource": "OSVDB",
"url": "http://osvdb.org/64857"
},
{
"name": "40355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40355"
},
{
"name": "39901",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39901"
},
{
"name": "admanager-remoteshare-xss(58860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5050",
"datePublished": "2011-11-23T01:00:00",
"dateReserved": "2011-11-22T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37420
Vulnerability from cvelistv5
Published
2021-09-21 12:52
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | x_refsource_MISC | |
| https://blog.stmcyber.com/vulns/cve-2021-37420/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37420/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-02T23:47:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37420/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"name": "https://blog.stmcyber.com/vulns/cve-2021-37420/",
"refsource": "MISC",
"url": "https://blog.stmcyber.com/vulns/cve-2021-37420/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37420",
"datePublished": "2021-09-21T12:52:25",
"dateReserved": "2021-07-23T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-36771
Vulnerability from cvelistv5
Published
2021-07-17 18:13
Modified
2024-08-04 01:01
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-17T18:13:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36771",
"datePublished": "2021-07-17T18:13:48",
"dateReserved": "2021-07-17T00:00:00",
"dateUpdated": "2024-08-04T01:01:59.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39912
Vulnerability from cvelistv5
Published
2023-08-31 00:00
Modified
2024-08-02 18:18
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-39912.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-01T06:07:26.395727",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-39912.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-39912",
"datePublished": "2023-08-31T00:00:00",
"dateReserved": "2023-08-07T00:00:00",
"dateUpdated": "2024-08-02T18:18:10.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35594
Vulnerability from cvelistv5
Published
2021-03-05 16:29
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7066 allows XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/ad-manager/release-notes.html#7066 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7066 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-05T16:29:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7066"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus before 7066 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7066",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7066"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35594",
"datePublished": "2021-03-05T16:29:12",
"dateReserved": "2020-12-21T00:00:00",
"dateUpdated": "2024-08-04T17:09:14.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37762
Vulnerability from cvelistv5
Published
2021-10-07 15:40
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:07.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:40:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37762",
"datePublished": "2021-10-07T15:40:33",
"dateReserved": "2021-08-01T00:00:00",
"dateUpdated": "2024-08-04T01:30:07.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-36772
Vulnerability from cvelistv5
Published
2021-07-17 18:13
Modified
2024-08-04 01:01
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7110 allows stored XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-17T18:13:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus before 7110 allows stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36772",
"datePublished": "2021-07-17T18:13:39",
"dateReserved": "2021-07-17T00:00:00",
"dateUpdated": "2024-08-04T01:01:59.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-19374
Vulnerability from cvelistv5
Published
2019-04-30 17:30
Modified
2024-08-05 11:37
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-30T17:30:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/",
"refsource": "MISC",
"url": "https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19374",
"datePublished": "2019-04-30T17:30:40",
"dateReserved": "2018-11-20T00:00:00",
"dateUpdated": "2024-08-05T11:37:11.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35785
Vulnerability from cvelistv5
Published
2023-08-28 00:00
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:56:34.893304",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35785",
"datePublished": "2023-08-28T00:00:00",
"dateReserved": "2023-06-16T00:00:00",
"dateUpdated": "2024-08-02T16:30:45.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37539
Vulnerability from cvelistv5
Published
2021-09-27 14:05
Modified
2024-08-04 01:23
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T14:05:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37539",
"datePublished": "2021-09-27T14:05:37",
"dateReserved": "2021-07-26T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-31492
Vulnerability from cvelistv5
Published
2023-08-17 00:00
Modified
2024-11-26 21:35
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:31.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31492",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T21:34:54.528803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T21:35:29.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T23:05:50.368591",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
},
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
},
{
"url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31492",
"datePublished": "2023-08-17T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-11-26T21:35:29.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42002
Vulnerability from cvelistv5
Published
2021-11-11 04:33
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/ad-manager/release-notes.html#7115 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-11T04:33:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7115",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42002",
"datePublished": "2021-11-11T04:33:38",
"dateReserved": "2021-10-04T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37924
Vulnerability from cvelistv5
Published
2021-10-07 15:35
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:35:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37924",
"datePublished": "2021-10-07T15:35:12",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-48878
Vulnerability from cvelistv5
Published
2024-11-04 10:56
Modified
2024-11-04 15:22
Severity ?
EPSS score ?
Summary
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | ADManager Plus |
Version: 0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "manageengine_admanager_plus",
"vendor": "zohocorp",
"versions": [
{
"lessThanOrEqual": "7241",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T15:20:43.036499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T15:22:39.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/ad-manager/",
"defaultStatus": "unaffected",
"product": "ADManager Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThanOrEqual": "7241",
"status": "affected",
"version": "0",
"versionType": "7241"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eArchived Audit Report.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in\u00a0Archived Audit Report."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T10:56:26.641Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-48878",
"datePublished": "2024-11-04T10:56:26.641Z",
"dateReserved": "2024-10-09T10:57:57.152Z",
"dateUpdated": "2024-11-04T15:22:39.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33911
Vulnerability from cvelistv5
Published
2021-07-17 18:19
Modified
2024-08-04 00:05
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:51.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7110 allows remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-17T18:19:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus before 7110 allows remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33911",
"datePublished": "2021-07-17T18:19:27",
"dateReserved": "2021-06-07T00:00:00",
"dateUpdated": "2024-08-04T00:05:51.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-47966
Vulnerability from cvelistv5
Published
2023-01-18 00:00
Modified
2024-09-13 17:58
Severity ?
EPSS score ?
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"tags": [
"x_transferred"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47966",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:00:59.744032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-01-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-47966"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:58:23.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T19:33:35.401552",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47966",
"datePublished": "2023-01-18T00:00:00",
"dateReserved": "2022-12-26T00:00:00",
"dateUpdated": "2024-09-13T17:58:23.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37923
Vulnerability from cvelistv5
Published
2021-10-07 15:36
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:36:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37923",
"datePublished": "2021-10-07T15:36:02",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1026
Vulnerability from cvelistv5
Published
2015-03-11 14:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/130737/Manage-Engine-AD-Audit-Manager-Plus-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/534833/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130737/Manage-Engine-AD-Audit-Manager-Plus-Cross-Site-Scripting.html"
},
{
"name": "20150310 Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Build 6270)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534833/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130737/Manage-Engine-AD-Audit-Manager-Plus-Cross-Site-Scripting.html"
},
{
"name": "20150310 Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Build 6270)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534833/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130737/Manage-Engine-AD-Audit-Manager-Plus-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130737/Manage-Engine-AD-Audit-Manager-Plus-Cross-Site-Scripting.html"
},
{
"name": "20150310 Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Build 6270)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534833/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1026",
"datePublished": "2015-03-11T14:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42904
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2022-42904.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2022-42904.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42904",
"datePublished": "2022-11-18T00:00:00",
"dateReserved": "2022-10-13T00:00:00",
"dateUpdated": "2024-08-03T13:19:05.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35786
Vulnerability from cvelistv5
Published
2023-07-05 00:00
Modified
2024-11-22 15:44
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-35786.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T15:44:20.332306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T15:44:28.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-35786.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35786",
"datePublished": "2023-07-05T00:00:00",
"dateReserved": "2023-06-16T00:00:00",
"dateUpdated": "2024-11-22T15:44:28.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38298
Vulnerability from cvelistv5
Published
2021-10-07 21:33
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T21:33:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38298",
"datePublished": "2021-10-07T21:33:30",
"dateReserved": "2021-08-09T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38743
Vulnerability from cvelistv5
Published
2023-09-11 00:00
Modified
2024-08-02 17:54
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:38.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:50:15.623362",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38743",
"datePublished": "2023-09-11T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-08-02T17:54:38.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6105
Vulnerability from cvelistv5
Published
2023-11-15 20:57
Modified
2025-02-13 17:26
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ManageEngine | Service Desk Plus |
Version: 0 < 14304 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2023-35"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Service Desk Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "14304",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Asset Explorer",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "7004",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Access Manager Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "14304",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.\u003cbr\u003e"
}
],
"value": "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:58:04.015Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-35"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ManageEngine Information Disclosure in Multiple Products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2023-6105",
"datePublished": "2023-11-15T20:57:47.981Z",
"dateReserved": "2023-11-13T15:10:28.339Z",
"dateUpdated": "2025-02-13T17:26:03.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29457
Vulnerability from cvelistv5
Published
2022-04-18 19:47
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T19:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"name": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability",
"refsource": "MISC",
"url": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability"
},
{
"name": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29457",
"datePublished": "2022-04-18T19:47:07",
"dateReserved": "2022-04-18T00:00:00",
"dateUpdated": "2024-08-03T06:26:05.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38332
Vulnerability from cvelistv5
Published
2023-08-04 00:00
Modified
2024-10-17 15:13
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38332.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:13:45.987236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:13:55.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user\u0027s account via sensitive information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38332.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38332",
"datePublished": "2023-08-04T00:00:00",
"dateReserved": "2023-07-14T00:00:00",
"dateUpdated": "2024-10-17T15:13:55.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20131
Vulnerability from cvelistv5
Published
2021-10-13 17:30
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-43 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageEngine ADManager Plus Build 7111 |
Version: ManageEngine ADManager Plus Build 7111 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageEngine ADManager Plus Build 7111",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ManageEngine ADManager Plus Build 7111"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T17:30:20",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageEngine ADManager Plus Build 7111",
"version": {
"version_data": [
{
"version_value": "ManageEngine ADManager Plus Build 7111"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-43",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20131",
"datePublished": "2021-10-13T17:30:20",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24786
Vulnerability from cvelistv5
Published
2020-08-31 14:02
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T14:02:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/data-security/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"name": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5",
"refsource": "MISC",
"url": "https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"name": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"name": "https://www.manageengine.com/products/eventlog/features-new.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24786",
"datePublished": "2020-08-31T14:02:05",
"dateReserved": "2020-08-28T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37741
Vulnerability from cvelistv5
Published
2021-09-21 12:56
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T12:56:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37741",
"datePublished": "2021-09-21T12:56:52",
"dateReserved": "2021-07-30T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29084
Vulnerability from cvelistv5
Published
2023-04-13 00:00
Modified
2025-02-07 16:27
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-29084.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172755/ManageEngine-ADManager-Plus-Command-Injection.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:26:29.516444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:27:41.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-29084.html"
},
{
"url": "http://packetstormsecurity.com/files/172755/ManageEngine-ADManager-Plus-Command-Injection.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29084",
"datePublished": "2023-04-13T00:00:00.000Z",
"dateReserved": "2023-03-31T00:00:00.000Z",
"dateUpdated": "2025-02-07T16:27:41.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41904
Vulnerability from cvelistv5
Published
2023-09-26 00:00
Modified
2024-09-24 14:50
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-41904.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:29:00.373406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:50:31.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T13:35:05.066821",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-41904.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41904",
"datePublished": "2023-09-26T00:00:00",
"dateReserved": "2023-09-05T00:00:00",
"dateUpdated": "2024-09-24T14:50:31.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37927
Vulnerability from cvelistv5
Published
2021-09-22 13:35
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC | |
| https://www.manageengine.com/products/self-service-password/release-notes.html#6110 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#6110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T13:27:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#6110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html#6110",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#6110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37927",
"datePublished": "2021-09-22T13:35:51",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37926
Vulnerability from cvelistv5
Published
2021-10-07 15:20
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:20:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37926",
"datePublished": "2021-10-07T15:20:03",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37931
Vulnerability from cvelistv5
Published
2021-10-07 15:31
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:31:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37931",
"datePublished": "2021-10-07T15:31:37",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20130
Vulnerability from cvelistv5
Published
2021-10-13 17:30
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-43 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageEngine ADManager Plus Build 7111 |
Version: ManageEngine ADManager Plus Build 7111 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageEngine ADManager Plus Build 7111",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ManageEngine ADManager Plus Build 7111"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T17:30:14",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageEngine ADManager Plus Build 7111",
"version": {
"version_data": [
{
"version_value": "ManageEngine ADManager Plus Build 7111"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-43",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20130",
"datePublished": "2021-10-13T17:30:14",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15740
Vulnerability from cvelistv5
Published
2018-08-28 19:00
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/45256/ | exploit, x_refsource_EXPLOIT-DB | |
| https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ | x_refsource_MISC | |
| https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr | x_refsource_MISC | |
| http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45256",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45256/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the \"Workflow Delegation\" \"Requester Roles\" screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-13T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45256",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45256/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the \"Workflow Delegation\" \"Requester Roles\" screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45256",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45256/"
},
{
"name": "https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ"
},
{
"name": "https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr"
},
{
"name": "http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15740",
"datePublished": "2018-08-28T19:00:00",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37928
Vulnerability from cvelistv5
Published
2021-10-07 15:21
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:21:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37928",
"datePublished": "2021-10-07T15:21:30",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37920
Vulnerability from cvelistv5
Published
2021-10-07 15:37
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:37:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37920",
"datePublished": "2021-10-07T15:37:42",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12876
Vulnerability from cvelistv5
Published
2019-07-17 19:46
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/109298 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
},
{
"name": "109298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109298"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-19T12:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
},
{
"name": "109298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109298"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
},
{
"name": "109298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109298"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12876",
"datePublished": "2019-07-17T19:46:17",
"dateReserved": "2019-06-18T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37919
Vulnerability from cvelistv5
Published
2021-10-07 15:38
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:38:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37919",
"datePublished": "2021-10-07T15:38:29",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37918
Vulnerability from cvelistv5
Published
2021-10-07 15:33
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:33:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37918",
"datePublished": "2021-10-07T15:33:18",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37921
Vulnerability from cvelistv5
Published
2021-10-07 15:36
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:36:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37921",
"datePublished": "2021-10-07T15:36:52",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37419
Vulnerability from cvelistv5
Published
2021-09-21 12:53
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | x_refsource_MISC | |
| https://blog.stmcyber.com/vulns/cve-2021-37419/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:04.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37419/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-03T02:34:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37419/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"name": "https://blog.stmcyber.com/vulns/cve-2021-37419/",
"refsource": "MISC",
"url": "https://blog.stmcyber.com/vulns/cve-2021-37419/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37419",
"datePublished": "2021-09-21T12:53:52",
"dateReserved": "2021-07-23T00:00:00",
"dateUpdated": "2024-08-04T01:16:04.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37925
Vulnerability from cvelistv5
Published
2021-09-22 13:23
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-22T13:23:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37925",
"datePublished": "2021-09-22T13:23:40",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37930
Vulnerability from cvelistv5
Published
2021-10-07 15:30
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:30:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37930",
"datePublished": "2021-10-07T15:30:34",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-09-21 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product, Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities."
},
{
"lang": "es",
"value": "ManageEngine ADManager Plus versiones anteriores a 7111, presenta vulnerabilidades de RCE de pre-autenticaci\u00f3n"
}
],
"id": "CVE-2021-37741",
"lastModified": "2024-11-21T06:15:51.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-21T13:15:07.987",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-21 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20D5A6AE-9058-4381-9C71-C7A52DFFEDE0",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "BCAB5D26-3181-4573-8F1C-B33183C8B4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "2993EF0E-D147-4512-9B5F-3D7E82EAFF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "E8ABBE88-E3FC-43B1-A319-C6AE78EF33CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "ED36E8C1-C26D-4A74-8D47-8DBD2BF86D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "8633BC6E-C86B-4D96-876C-3FB7F5133886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "9B08B585-C379-44FD-BC4E-6C9F3E0FA0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "394FD156-844D-4CEF-87CA-5A5FB1DBE2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "FF83CF7D-9826-4DB8-9A05-C2260FFA4680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "6EA114E7-ECBD-4503-86C8-E078805CC49E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "1D9736FE-07FE-47F2-B8D0-25C4D474D1B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "2C9487B6-24B4-4D0A-AB4F-FBC7F068D01D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "C31AF224-954D-481C-B52B-092AFCA20077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "7383E219-4F88-43CF-80D1-85E1AE8C37DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover."
},
{
"lang": "es",
"value": "ManageEngine ADSelfService Plus versiones anteriores a 6112, es vulnerable a una toma de control de cuentas de usuario de dominio"
}
],
"id": "CVE-2021-37424",
"lastModified": "2024-11-21T06:15:08.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-21T13:15:07.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-18 20:15
Modified
2024-11-21 06:59
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED61D61A-99CB-4279-AEF4-4F5D509AAAB6",
"versionEndExcluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4647CCE1-92BF-486A-A245-2E6BADC14C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "AC907344-7ACC-41CA-AA1D-8AEE1C604F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7002:*:*:*:*:*:*",
"matchCriteriaId": "6957BD6B-3CCB-4C45-B3E9-DE988CDEF122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7003:*:*:*:*:*:*",
"matchCriteriaId": "B932650D-3BCF-4A9C-B518-04C212925C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7004:*:*:*:*:*:*",
"matchCriteriaId": "FF8CFB6B-DD8F-45BD-9F17-7BE6014AFE17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7005:*:*:*:*:*:*",
"matchCriteriaId": "583C263D-F219-434C-A452-9F4A337FAF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7006:*:*:*:*:*:*",
"matchCriteriaId": "154B0AC9-FB9F-42FC-85FF-B6F4DA77F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7007:*:*:*:*:*:*",
"matchCriteriaId": "2C71406B-D0A7-480F-BD70-F01AF8800749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7008:*:*:*:*:*:*",
"matchCriteriaId": "5643057F-7579-465C-9C0F-F83617C6BE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "BD6AFBED-42E1-400B-A198-71220D228770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "6F4BB38D-4E2A-41A0-8ED2-5D23FDE1BF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "E14468CC-1FAF-4F3C-872A-283923E11BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "F05B3F91-1ECB-4000-A0E1-814DC82CE9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "F216675D-EC1B-4C67-ACA4-002C3A31976D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0:7055:*:*:*:*:*:*",
"matchCriteriaId": "A70FBB7E-A8D7-4DF9-BF7C-C6E8FC6FFCA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*",
"matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*",
"matchCriteriaId": "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*",
"matchCriteriaId": "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*",
"matchCriteriaId": "2EC89DCA-D24A-46BB-8086-C306BB4CDABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*",
"matchCriteriaId": "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*",
"matchCriteriaId": "E319DA11-0C76-4F52-A197-FFBF4F30BB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*",
"matchCriteriaId": "B928577F-3183-4305-9009-A8C6970477D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*",
"matchCriteriaId": "CE6F33B5-418E-4B38-81EB-090E4F3AF89A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:-:*:*:*:*:*:*",
"matchCriteriaId": "3FC399C6-4299-4744-9FC5-13CFE7478164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6121, ADAuditPlus versi\u00f3n 7060, Exchange Reporter Plus versi\u00f3n 5701, y ADManagerPlus versi\u00f3n 7131, permiten una divulgaci\u00f3n de NTLM Hash durante determinados pasos de configuraci\u00f3n de la ruta de almacenamiento"
}
],
"id": "CVE-2022-29457",
"lastModified": "2024-11-21T06:59:07.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-18T20:15:09.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37919",
"lastModified": "2024-11-21T06:16:03.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 06:15
Modified
2024-11-21 08:08
Severity ?
Summary
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
"matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
"matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
"matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
"matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
"matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*",
"matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*",
"matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162:*:*:*:*:*:*",
"matchCriteriaId": "28E1833F-24C8-44EC-9B66-4D832AB1C9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163:*:*:*:*:*:*",
"matchCriteriaId": "7DCA2AF7-8732-4095-BB6F-6F40EADD7449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170:*:*:*:*:*:*",
"matchCriteriaId": "54247785-E55A-407D-A667-1734E7C84DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171:*:*:*:*:*:*",
"matchCriteriaId": "5C8887B2-D378-4A7D-B678-9B2C68953E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180:*:*:*:*:*:*",
"matchCriteriaId": "ADD4EAD7-275A-4467-9217-102051BE49C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7181:*:*:*:*:*:*",
"matchCriteriaId": "8181AF41-779F-4289-BECE-03C2731FDA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7182:*:*:*:*:*:*",
"matchCriteriaId": "2BFB486E-9256-4B56-98BF-24B5A56415A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files."
}
],
"id": "CVE-2023-35786",
"lastModified": "2024-11-21T08:08:42.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T06:15:21.090",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-35786.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-35786.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-22 14:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, presenta una vulnerabilidad de inyecci\u00f3n de comandos Post-Auth OS"
}
],
"id": "CVE-2021-37925",
"lastModified": "2024-11-21T06:16:04.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-22T14:15:07.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-11 05:15
Modified
2024-11-21 06:27
Severity ?
Summary
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versiones anteriores a 7115, es vulnerable a una omisi\u00f3n de filtro que conlleva a una ejecuci\u00f3n de c\u00f3digo remota de carga de archivos"
}
],
"id": "CVE-2021-42002",
"lastModified": "2024-11-21T06:27:03.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-11T05:15:09.550",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7115"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-27 17:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores es vulnerable a una carga de archivos sin restricciones, conllevando a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37761",
"lastModified": "2024-11-21T06:15:52.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-27T17:15:08.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-04 11:15
Modified
2024-11-05 19:44
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "D47DA377-0AF4-453E-9605-A5F87FA14E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:*",
"matchCriteriaId": "BC919233-CE66-416C-8649-B94A23F131F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7210:*:*:*:*:*:*",
"matchCriteriaId": "AD2880B4-88AD-49E4-B423-5C0CCCF5DF4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7211:*:*:*:*:*:*",
"matchCriteriaId": "C8BCAFB6-F46D-4E09-8827-13ED1A7D5740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7212:*:*:*:*:*:*",
"matchCriteriaId": "0D0166A3-B34B-44FC-9DB8-E06BDDAC7CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7220:*:*:*:*:*:*",
"matchCriteriaId": "CE25B1E5-D380-490C-98A6-121FA10A3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7221:*:*:*:*:*:*",
"matchCriteriaId": "50283EE9-A9EC-4BD2-958E-F2A278B84C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7222:*:*:*:*:*:*",
"matchCriteriaId": "645C5636-1E03-47D2-834B-3DE95B347E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7223:*:*:*:*:*:*",
"matchCriteriaId": "4340408B-3928-430F-BDBA-10E43F25C595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7224:*:*:*:*:*:*",
"matchCriteriaId": "C792F787-B6F6-4908-923C-25679BA67988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7230:*:*:*:*:*:*",
"matchCriteriaId": "826183CE-C9B9-4C34-8885-3773F42AAAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7231:*:*:*:*:*:*",
"matchCriteriaId": "F7A9A00F-1792-4DAA-B393-AFAB279F850C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7232:*:*:*:*:*:*",
"matchCriteriaId": "250DC9F9-082E-4C3A-B0C4-681C8AFCCD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7240:*:*:*:*:*:*",
"matchCriteriaId": "308413DB-AB0D-47B1-863E-B6C4B6D88D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7241:*:*:*:*:*:*",
"matchCriteriaId": "CB2D7A55-BC4E-451C-BA49-AAAA5180724B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in\u00a0Archived Audit Report."
},
{
"lang": "es",
"value": " Las versiones 7241 y anteriores de Zohocorp ManageEngine ADManager Plus son vulnerables a la inyecci\u00f3n SQL en el informe de auditor\u00eda archivado."
}
],
"id": "CVE-2024-48878",
"lastModified": "2024-11-05T19:44:58.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-04T11:15:06.417",
"references": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html"
}
],
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una sobrescritura de archivos sin restricciones conllevando a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37762",
"lastModified": "2024-11-21T06:15:52.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-22 14:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/self-service-password/release-notes.html#6110 | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/self-service-password/release-notes.html#6110 | Not Applicable, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una toma de control de cuentas por medio de SSO"
}
],
"id": "CVE-2021-37927",
"lastModified": "2024-11-21T06:16:04.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-22T14:15:07.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#6110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html#6110"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-28 19:29
Modified
2024-11-21 03:51
Severity ?
Summary
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | 6.5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E22DD181-25F0-48AE-A86A-753193FE6F1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the \"Workflow Delegation\" \"Requester Roles\" screen."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus 6.5.7 tiene Cross-Site Scripting (XSS) en la pantalla \"Requester Roles\" de \"Workflow Delegation\"."
}
],
"id": "CVE-2018-15740",
"lastModified": "2024-11-21T03:51:22.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-28T19:29:17.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45256/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45256/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-30 18:29
Modified
2024-11-21 03:57
Severity ?
Summary
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | 6.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6:6657:*:*:*:*:*:*",
"matchCriteriaId": "EC6A1F29-3A46-4BF9-80FD-C8C26EF3F0D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 6.6 compilaci\u00f3n 6657, permite a los usuarios locales conseguir privilegios (despu\u00e9s reiniciar) al colocar un archivo de troyano en el directorio bin permisivo."
}
],
"id": "CVE-2018-19374",
"lastModified": "2024-11-21T03:57:49.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-30T18:29:07.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-13 18:15
Modified
2024-11-21 05:45
Severity ?
Summary
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface."
},
{
"lang": "es",
"value": "ManageEngine ADManager Plus versi\u00f3n Build 7111, contiene una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota posterior a la autenticaci\u00f3n debido una cargas de archivos comprobada inapropiadamente en la interfaz de PasswordExpiry"
}
],
"id": "CVE-2021-20130",
"lastModified": "2024-11-21T05:45:58.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-13T18:15:07.843",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-43"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-07 17:29
Modified
2024-11-21 03:18
Severity ?
Summary
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80239E1E-73FB-47D0-9106-DD0D714AAEA4",
"versionEndIncluding": "6613",
"versionStartIncluding": "6590",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted."
},
{
"lang": "es",
"value": "/LoadFrame en Zoho ManageEngine AD Manager Plus build 6590 - 6613 permite que atacantes lleven a cabo ataques de redirecci\u00f3n de URL mediante el par\u00e1metro src, lo que resulta en la omisi\u00f3n de la protecci\u00f3n CSRF o en la ocultaci\u00f3n potencial de una URL maliciosa como fiable."
}
],
"id": "CVE-2017-17552",
"lastModified": "2024-11-21T03:18:08.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-07T17:29:01.183",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://umbrielsecurity.wordpress.com/2018/01/31/dangerous-url-redirection-and-csrf-in-zoho-manageengine-ad-manager-plus-cve-2017-17552/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://umbrielsecurity.wordpress.com/2018/01/31/dangerous-url-redirection-and-csrf-in-zoho-manageengine-ad-manager-plus-cve-2017-17552/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-18 21:15
Modified
2024-11-21 07:25
Severity ?
Summary
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2022-42904.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2022-42904.html | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
"matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
"matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
"matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
"matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
"matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus hasta 7151 permite a los usuarios administradores autenticados ejecutar los comandos en la configuraci\u00f3n del proxy."
}
],
"id": "CVE-2022-42904",
"lastModified": "2024-11-21T07:25:34.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-18T21:15:11.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2022-42904.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2022-42904.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-17 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/109298 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109298 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | 6.6.5 | |
| zohocorp | manageengine_adselfservice_plus | 5.7 | |
| zohocorp | manageengine_desktop_central | 10.0.380 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F04532BC-FBD0-4111-9213-3F044475CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "147F5946-E435-4EDF-B839-E1853C2F9DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.380:*:*:*:*:*:*:*",
"matchCriteriaId": "643C7F9E-F838-421C-BB13-ECCFDF073C91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 6.6.5, ADSelfService Plus versi\u00f3n 5.7, y DesktopCentral versi\u00f3n 10.0.380 tiene permisos no seguros, lo que conlleva a una escalada de privilegios desde los privilegios de bajo nivel hasta el sistema."
}
],
"id": "CVE-2019-12876",
"lastModified": "2024-11-21T04:23:45.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-17T20:15:11.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109298"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37931",
"lastModified": "2024-11-21T06:16:05.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-31 23:15
Modified
2024-11-21 08:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11647C4A-2824-49C7-9660-EB1D9BE748EA",
"versionEndIncluding": "7202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed."
}
],
"id": "CVE-2023-39912",
"lastModified": "2024-11-21T08:16:01.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-31T23:15:26.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-39912.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-39912.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-17 23:15
Modified
2024-11-21 08:01
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
"matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
"matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
"matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
"matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
"matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*",
"matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*",
"matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162:*:*:*:*:*:*",
"matchCriteriaId": "28E1833F-24C8-44EC-9B66-4D832AB1C9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163:*:*:*:*:*:*",
"matchCriteriaId": "7DCA2AF7-8732-4095-BB6F-6F40EADD7449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170:*:*:*:*:*:*",
"matchCriteriaId": "54247785-E55A-407D-A667-1734E7C84DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171:*:*:*:*:*:*",
"matchCriteriaId": "5C8887B2-D378-4A7D-B678-9B2C68953E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180:*:*:*:*:*:*",
"matchCriteriaId": "ADD4EAD7-275A-4467-9217-102051BE49C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7181:*:*:*:*:*:*",
"matchCriteriaId": "8181AF41-779F-4289-BECE-03C2731FDA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7182:*:*:*:*:*:*",
"matchCriteriaId": "2BFB486E-9256-4B56-98BF-24B5A56415A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users."
},
{
"lang": "es",
"value": "ADManager Plus versi\u00f3n 7182 y anteriores de ManageEngine de Zoho divulgaron las contrase\u00f1as predeterminadas para la restauraci\u00f3n de cuentas de dominios no autorizadas a los usuarios autenticados."
}
],
"id": "CVE-2023-31492",
"lastModified": "2024-11-21T08:01:58.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T23:15:09.167",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37920",
"lastModified": "2024-11-21T06:16:03.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-21 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-37420/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-37420/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20D5A6AE-9058-4381-9C71-C7A52DFFEDE0",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "BCAB5D26-3181-4573-8F1C-B33183C8B4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "2993EF0E-D147-4512-9B5F-3D7E82EAFF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "E8ABBE88-E3FC-43B1-A319-C6AE78EF33CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "ED36E8C1-C26D-4A74-8D47-8DBD2BF86D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "8633BC6E-C86B-4D96-876C-3FB7F5133886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "9B08B585-C379-44FD-BC4E-6C9F3E0FA0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "394FD156-844D-4CEF-87CA-5A5FB1DBE2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "FF83CF7D-9826-4DB8-9A05-C2260FFA4680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "6EA114E7-ECBD-4503-86C8-E078805CC49E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "1D9736FE-07FE-47F2-B8D0-25C4D474D1B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "2C9487B6-24B4-4D0A-AB4F-FBC7F068D01D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "C31AF224-954D-481C-B52B-092AFCA20077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "7383E219-4F88-43CF-80D1-85E1AE8C37DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6112, es vulnerable a una suplantaci\u00f3n de correo"
}
],
"id": "CVE-2021-37420",
"lastModified": "2024-11-21T06:15:07.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-21T13:15:07.883",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37420/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37420/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-27 15:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versiones anteriores a 7111, es vulnerable a un archivo sin restricciones que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37539",
"lastModified": "2024-11-21T06:15:20.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-27T15:15:07.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-11 19:15
Modified
2024-11-21 08:14
Severity ?
Summary
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus anterior a Build 7200 permite a los usuarios administradores ejecutar comandos en la m\u00e1quina de anfitri\u00f3n."
}
],
"id": "CVE-2023-38743",
"lastModified": "2024-11-21T08:14:09.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-11T19:15:42.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-21 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.stmcyber.com/vulns/cve-2021-37419/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.stmcyber.com/vulns/cve-2021-37419/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20D5A6AE-9058-4381-9C71-C7A52DFFEDE0",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "BCAB5D26-3181-4573-8F1C-B33183C8B4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "2993EF0E-D147-4512-9B5F-3D7E82EAFF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "E8ABBE88-E3FC-43B1-A319-C6AE78EF33CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "ED36E8C1-C26D-4A74-8D47-8DBD2BF86D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "8633BC6E-C86B-4D96-876C-3FB7F5133886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "9B08B585-C379-44FD-BC4E-6C9F3E0FA0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "394FD156-844D-4CEF-87CA-5A5FB1DBE2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "FF83CF7D-9826-4DB8-9A05-C2260FFA4680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "6EA114E7-ECBD-4503-86C8-E078805CC49E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "1D9736FE-07FE-47F2-B8D0-25C4D474D1B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "2C9487B6-24B4-4D0A-AB4F-FBC7F068D01D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "C31AF224-954D-481C-B52B-092AFCA20077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "7383E219-4F88-43CF-80D1-85E1AE8C37DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADSelfService Plus versiones anteriores a 6112, es vulnerable a un ataque de tipo SSRF"
}
],
"id": "CVE-2021-37419",
"lastModified": "2024-11-21T06:15:07.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-21T13:15:07.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37419/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.stmcyber.com/vulns/cve-2021-37419/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37929",
"lastModified": "2024-11-21T06:16:05.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37918",
"lastModified": "2024-11-21T06:16:03.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37928",
"lastModified": "2024-11-21T06:16:05.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 05:16
Severity ?
Summary
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7380E0EF-684C-487E-B343-672248D8642E",
"versionEndIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "09718DA2-31D3-4CC3-B95D-6A8BE6233700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*",
"matchCriteriaId": "A217F6ED-BC7F-46B7-9D43-D75A3D416322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*",
"matchCriteriaId": "562397B8-DF54-4585-81B4-3F89816CC8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*",
"matchCriteriaId": "319E6B84-4D6C-45D2-BF5A-8461202C4463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*",
"matchCriteriaId": "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*",
"matchCriteriaId": "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*",
"matchCriteriaId": "94E70435-5332-48F3-9602-FCA1EFB617BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*",
"matchCriteriaId": "AC040DA3-91BB-41CD-ADE3-D2AA0537516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*",
"matchCriteriaId": "8E71EE09-F2D6-4981-A962-14DAC49A9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*",
"matchCriteriaId": "4709685D-CCF0-4444-99B8-4DC6E3D53A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*",
"matchCriteriaId": "13599F95-25B2-4C21-8174-DA966A49249B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*",
"matchCriteriaId": "D2CB6693-492A-4607-9D9C-15C746E12864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*",
"matchCriteriaId": "35238419-A73A-4333-9F3D-481FAA1D167C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*",
"matchCriteriaId": "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*",
"matchCriteriaId": "4E0B4F11-A1E8-4D21-9707-8639A3040840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*",
"matchCriteriaId": "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*",
"matchCriteriaId": "7F229F49-EA44-4D0A-855B-FC586CE8CFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*",
"matchCriteriaId": "07AED2F0-F527-4B4A-82FC-F571899F3738",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB7B1B9-633E-4866-B236-94888342ACD1",
"versionEndIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "1A55E1C9-DCFE-49E7-A9A3-E3A5ECBEE4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E8C30A5E-33C7-4EB3-9FB4-D5AECD9A5C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "B7085438-77E4-4B12-A885-F2294CF9B318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "7821DCD0-30DB-4520-B174-0E51CB07E12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "4666EEFD-5F91-4F1D-BB15-736A984ABA27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCCD7A9D-B1BC-4CE8-9E5D-8795674BB1AA",
"versionEndIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4200:*:*:*:*:*:*",
"matchCriteriaId": "14116D8A-9798-4EF2-9652-286D4CBDAADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4201:*:*:*:*:*:*",
"matchCriteriaId": "DAC56F69-9894-4236-9E4E-412403204E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4202:*:*:*:*:*:*",
"matchCriteriaId": "6B180386-1930-4EC2-9AF8-21F375E74BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4203:*:*:*:*:*:*",
"matchCriteriaId": "91787EC1-3053-4784-B985-FC09F368CB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4204:*:*:*:*:*:*",
"matchCriteriaId": "B270FDB7-A2E2-4D77-9E68-17E57ED41B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4205:*:*:*:*:*:*",
"matchCriteriaId": "06621A53-3A32-4691-A02A-417A9DBCB9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4206:*:*:*:*:*:*",
"matchCriteriaId": "E32D414E-ADEB-4FE3-8114-815A744DBF76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4207:*:*:*:*:*:*",
"matchCriteriaId": "E2A124B0-CAC1-4D17-98FF-DF479F404283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4208:*:*:*:*:*:*",
"matchCriteriaId": "BED5824C-9A62-4A9E-A440-3368D709674B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4209:*:*:*:*:*:*",
"matchCriteriaId": "F36F3D07-F9E3-4CF1-8BD3-73F58B18D35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4210:*:*:*:*:*:*",
"matchCriteriaId": "357AB232-A834-4899-950D-53E0690726A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4212:*:*:*:*:*:*",
"matchCriteriaId": "680C0265-E4DF-4275-8B0C-EBD9E7B5B798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4213:*:*:*:*:*:*",
"matchCriteriaId": "27CA1268-5D13-445A-985B-AE8F5494F61C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4214:*:*:*:*:*:*",
"matchCriteriaId": "2112361C-8F57-40E6-B665-FA8D585FA933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4215:*:*:*:*:*:*",
"matchCriteriaId": "A4E777D1-9414-439C-9309-7C89192905A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4216:*:*:*:*:*:*",
"matchCriteriaId": "FDCD0C9A-0287-4BAA-97C1-CCA96212A8A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4217:*:*:*:*:*:*",
"matchCriteriaId": "27D917BB-D64D-4E16-B5E2-485EE127A310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4219:*:*:*:*:*:*",
"matchCriteriaId": "CD0D83CD-3F8B-41A5-8110-2207FC202529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4220:*:*:*:*:*:*",
"matchCriteriaId": "E7569882-9E12-4ED8-9F54-AC1F0C9EC50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4222:*:*:*:*:*:*",
"matchCriteriaId": "F15A754D-A668-42C8-9E37-7A3364BE129B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4223:*:*:*:*:*:*",
"matchCriteriaId": "086FDB61-78D3-4540-B2AC-42DF1D41ABA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4224:*:*:*:*:*:*",
"matchCriteriaId": "6F9285FB-23E4-438E-8081-D0589A8727C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4225:*:*:*:*:*:*",
"matchCriteriaId": "A4E0D81C-36B3-4638-BB0E-18023D13DA97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4227:*:*:*:*:*:*",
"matchCriteriaId": "5B1F3742-3B1A-43DC-8CD7-547A4EB436E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3ADF4BC-41C3-483D-A24F-52F5D8D90E02",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "D88BAE7C-AE20-4B66-8380-93CFF7E716F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "A2EA6313-C2FC-45B5-92E6-4239B4E41E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "B6BAA7AF-E61E-40FB-ADA5-CDC51508A848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "9F96ED00-5DBE-4909-90DF-F4CDB4946ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6010:*:*:*:*:*:*",
"matchCriteriaId": "4CCFDC58-067A-420F-924B-9BFC342411D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6011:*:*:*:*:*:*",
"matchCriteriaId": "3C532BCE-429E-403D-9D44-9E3B8FD35C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6012:*:*:*:*:*:*",
"matchCriteriaId": "7286F2C9-FB52-4524-8293-81B36E9E8534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6013:*:*:*:*:*:*",
"matchCriteriaId": "E70A8EC5-1046-42E8-99DC-D564B66BA987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6020:*:*:*:*:*:*",
"matchCriteriaId": "A6BF11B6-4616-49DC-B7D0-0165691D7ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6021:*:*:*:*:*:*",
"matchCriteriaId": "32FCBB8F-35F2-4A3C-8F04-39AEAAB76BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6030:*:*:*:*:*:*",
"matchCriteriaId": "75F07512-4B8D-492C-A59A-E2E75713241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6031:*:*:*:*:*:*",
"matchCriteriaId": "1750C0CC-B017-44DF-95F2-628125E416FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6032:*:*:*:*:*:*",
"matchCriteriaId": "B0D5FC87-6BD7-4056-8879-7BAF28BB69C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19FFF0-464F-4BAA-BD8F-5A8296EAC724",
"versionEndIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "58739BDC-8741-4904-96C4-5E075FF87676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "69C40DE9-1849-437B-8C48-BB5ACD104CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6005:*:*:*:*:*:*",
"matchCriteriaId": "5792AAA4-6E32-48F6-BAF9-91AE9CE468D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6011:*:*:*:*:*:*",
"matchCriteriaId": "BB623771-BA56-4684-85E1-941A5EF0624A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6016:*:*:*:*:*:*",
"matchCriteriaId": "9CCF0FA4-0326-405B-94F2-513E0FAA6FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "789DE939-8305-4684-B19C-29F5A26E25A6",
"versionEndIncluding": "12.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12130:*:*:*:*:*:*",
"matchCriteriaId": "04E5575C-A204-4A46-ACDB-7A2837B2A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12135:*:*:*:*:*:*",
"matchCriteriaId": "22C76170-BE8E-40D7-9AA0-349EBB9DC718",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "350B9823-6421-4817-A9BA-B138918ADEDB",
"versionEndIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "053FB8DD-94D7-438A-8802-8ECF8B79FCA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "616D32A3-B19A-4C05-BF43-4AEB7573BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "28FF33D3-81DE-4849-8EA9-4C396D775892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "A6BE7AA0-F201-4F29-BE11-983CAE5BE103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6010:*:*:*:*:*:*",
"matchCriteriaId": "64339FF6-3563-41B2-8B61-A9DF076069C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6030:*:*:*:*:*:*",
"matchCriteriaId": "AD025538-8C73-4648-9C77-25E49FF77A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6031:*:*:*:*:*:*",
"matchCriteriaId": "FB3C81C0-1234-4CAA-8FB1-833FB2EF4872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6032:*:*:*:*:*:*",
"matchCriteriaId": "A5E6D12F-C642-4001-A838-65DDA3F94D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6033:*:*:*:*:*:*",
"matchCriteriaId": "32435B99-81DD-4AEC-ABBF-DEAFAB00CC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6050:*:*:*:*:*:*",
"matchCriteriaId": "37CDC611-B94C-483C-9C4C-5BCFA6CAB7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6052:*:*:*:*:*:*",
"matchCriteriaId": "A75E3D4D-5596-4E93-8541-F183AF105231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45EEAE93-0898-4FD8-9A31-FE2D5AAD3E79",
"versionEndIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1312ABF3-93FA-46E7-BF3C-61B1A0E7BA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4301:*:*:*:*:*:*",
"matchCriteriaId": "6912B88D-23D4-4E1E-98B8-60A60314A516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "7392FEE2-8102-4125-8927-4356732ED167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "0A9867BA-BAD0-482E-AC6B-CFDC9BF19AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "B20578E3-8995-4062-9FBF-85B76945B6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "96471B59-E195-4FF4-A36C-C4248F970817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "DAD74918-D60A-427A-B46B-979F3D0870A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "91731443-F449-457A-B8BD-017726596714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "C923DAAE-1C60-4A50-800D-422098A143FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4310:*:*:*:*:*:*",
"matchCriteriaId": "F820E8A0-981A-4C68-AFBF-D263B627F4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4311:*:*:*:*:*:*",
"matchCriteriaId": "84F1A956-19D1-47D3-AEF4-0117A25A1DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4312:*:*:*:*:*:*",
"matchCriteriaId": "2AE25043-4F64-4B5E-8B9F-B0793FE4834F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4316:*:*:*:*:*:*",
"matchCriteriaId": "2D5849AA-9DD2-4836-9F78-0CFB917A8398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4317:*:*:*:*:*:*",
"matchCriteriaId": "777FFDDC-EA8A-45C5-963A-8982C7FA9D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4318:*:*:*:*:*:*",
"matchCriteriaId": "61658169-04C4-45A5-B6F9-31EABDFC7026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4319:*:*:*:*:*:*",
"matchCriteriaId": "0439F4CA-5831-444F-9403-91B08D55CE37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4320:*:*:*:*:*:*",
"matchCriteriaId": "CCE01DB3-1C25-4A0A-86A2-48052A01F21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4321:*:*:*:*:*:*",
"matchCriteriaId": "20CF3B2A-E1DA-472C-9E5B-7729F5A9B72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4322:*:*:*:*:*:*",
"matchCriteriaId": "EF5CADAA-EE4B-45FE-8B31-910EB2F9A457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4324:*:*:*:*:*:*",
"matchCriteriaId": "317936F9-5856-4C05-96B0-06B286002C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4325:*:*:*:*:*:*",
"matchCriteriaId": "7A6A9E35-0AE0-41EC-95BD-6DA045B670C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4327:*:*:*:*:*:*",
"matchCriteriaId": "02E7A3A5-B101-450A-B048-580535ACD150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4328:*:*:*:*:*:*",
"matchCriteriaId": "A7804A96-2937-46EE-BCCE-7C19D3A0BF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4329:*:*:*:*:*:*",
"matchCriteriaId": "92CF2307-5CE0-44C6-BBAB-9974879426D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4330:*:*:*:*:*:*",
"matchCriteriaId": "A8D1D36D-990A-426E-9DA6-8506DA235FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4331:*:*:*:*:*:*",
"matchCriteriaId": "9210E989-CEBE-430A-ABF1-30DFC3B81CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4332:*:*:*:*:*:*",
"matchCriteriaId": "AD45843D-AB8F-4CFF-8EDA-3A1AEB9C3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4333:*:*:*:*:*:*",
"matchCriteriaId": "81549C4B-1B64-4E4F-91D2-25EA86BB2859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4334:*:*:*:*:*:*",
"matchCriteriaId": "56201D6A-2330-41D0-B38D-9D4A21D6CF20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D116EAD-FC10-4B20-88C1-356C9EE0F8D7",
"versionEndIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF66EAF9-40F8-4C96-B521-58EFEFFEA2C6",
"versionEndIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "4DE6724F-80AA-4B3E-8CF1-1158F6C98AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7010:*:*:*:*:*:*",
"matchCriteriaId": "A4D9B6E0-47A7-48D1-AF6A-A8512475ABD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7011:*:*:*:*:*:*",
"matchCriteriaId": "FFD7E625-FAA2-4452-9E18-5E4A61A93FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7020:*:*:*:*:*:*",
"matchCriteriaId": "8504DAE3-6CD9-4640-9EB1-CB304DB79BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7030:*:*:*:*:*:*",
"matchCriteriaId": "F42110FC-D21E-439E-BB8C-45C03F639CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7040:*:*:*:*:*:*",
"matchCriteriaId": "612E5D11-83D1-4E80-B7A4-57F61690DFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7041:*:*:*:*:*:*",
"matchCriteriaId": "C89C31C7-3196-47CD-9A9D-0761CEEB04E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "821C24DA-1C22-43ED-AD67-E947D323A3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "FAFEF7B6-4B56-42C8-958B-E0B677F5D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "43CEBA06-F115-41E9-8B3E-C004528340A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "E398D48C-AD94-4E84-9E3A-28A8586B3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "3D042A11-638F-4485-A753-ACF2BE92D900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B0E2FA-186D-48D7-89AE-461224CA7242",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4F222A9E-12E7-45E6-BF7D-61D60FCF1787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "E5EBBD07-EB06-407C-8BFE-139A7F37D129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4408F07A-E77E-4F74-B951-E90D0AD0FC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "44454167-93A9-4109-A137-0DBF56B870E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "9F95F165-5E41-4F44-A049-1B67F045A3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "EF50B0BD-244E-4445-A119-7165829BEA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5120:*:*:*:*:*:*",
"matchCriteriaId": "0A509BA6-9E79-4250-B412-2CCE2EF20031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5150:*:*:*:*:*:*",
"matchCriteriaId": "CA676B42-6E42-4A5C-986E-C06A4F97500A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5154:*:*:*:*:*:*",
"matchCriteriaId": "CA8D9B25-9BB1-427A-8C07-FB40638218E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5155:*:*:*:*:*:*",
"matchCriteriaId": "B1660FC6-4E59-4F1B-ABAB-51E7CD31B3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5160:*:*:*:*:*:*",
"matchCriteriaId": "994FB926-30C1-4399-BE7E-1989375382FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5164:*:*:*:*:*:*",
"matchCriteriaId": "38C88C6C-A399-4B3F-A3DE-8410B68C9C2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Zoho ManageEngine Exchange Reporter Plus antes del n\u00famero de compilaci\u00f3n 5510, AD360 antes del n\u00famero de compilaci\u00f3n 4228, ADSelfService Plus antes del n\u00famero de compilaci\u00f3n 5817, DataSecurity Plus antes del n\u00famero de compilaci\u00f3n 6033, RecoverManager Plus antes del n\u00famero de compilaci\u00f3n 6017, EventLog Analyzer antes del n\u00famero de compilaci\u00f3n 12136, ADAudit Adem\u00e1s, antes del n\u00famero de compilaci\u00f3n 6052, O365 Manager Plus antes del n\u00famero de compilaci\u00f3n 4334, Cloud Security Plus antes del n\u00famero de compilaci\u00f3n 4110, ADManager Plus antes del n\u00famero de compilaci\u00f3n 7055 y Log360 antes del n\u00famero de compilaci\u00f3n 5166. El servlet de Java com.manageengine.ads.fw.servlet.UpdateProductDetails accesible remotamente es propenso a una omisi\u00f3n de autenticaci\u00f3n. Las propiedades de integraci\u00f3n del sistema pueden ser modificadas y conllevar a un compromiso total de la suite de ManageEngine"
}
],
"id": "CVE-2020-24786",
"lastModified": "2024-11-21T05:16:04.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-31T15:15:10.870",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37926",
"lastModified": "2024-11-21T06:16:04.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 22:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versiones anteriores a 7110, es vulnerable a un ataque de tipo XXE ciego"
}
],
"id": "CVE-2021-38298",
"lastModified": "2024-11-21T06:16:44.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T22:15:07.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-13 19:15
Modified
2025-02-07 17:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
"matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
"matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
"matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
"matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
"matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*",
"matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*",
"matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162:*:*:*:*:*:*",
"matchCriteriaId": "28E1833F-24C8-44EC-9B66-4D832AB1C9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163:*:*:*:*:*:*",
"matchCriteriaId": "7DCA2AF7-8732-4095-BB6F-6F40EADD7449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170:*:*:*:*:*:*",
"matchCriteriaId": "54247785-E55A-407D-A667-1734E7C84DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171:*:*:*:*:*:*",
"matchCriteriaId": "5C8887B2-D378-4A7D-B678-9B2C68953E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180:*:*:*:*:*:*",
"matchCriteriaId": "ADD4EAD7-275A-4467-9217-102051BE49C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings."
}
],
"id": "CVE-2023-29084",
"lastModified": "2025-02-07T17:15:27.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-13T19:15:11.680",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/172755/ManageEngine-ADManager-Plus-Command-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-29084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/172755/ManageEngine-ADManager-Plus-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-29084.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-27 15:19
Modified
2024-11-21 08:21
Severity ?
Summary
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.2 | |
| zohocorp | manageengine_admanager_plus | 7.2 | |
| zohocorp | manageengine_admanager_plus | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "D47DA377-0AF4-453E-9605-A5F87FA14E61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus anterior a 7203 permite la omisi\u00f3n de 2FA (para la generaci\u00f3n de AuthToken) en las API REST."
}
],
"id": "CVE-2023-41904",
"lastModified": "2024-11-21T08:21:53.520",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-27T15:19:31.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-41904.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-41904.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-08 08:15
Modified
2024-11-13 20:35
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "BCAB5D26-3181-4573-8F1C-B33183C8B4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "2993EF0E-D147-4512-9B5F-3D7E82EAFF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "E8ABBE88-E3FC-43B1-A319-C6AE78EF33CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6102:*:*:*:*:*:*",
"matchCriteriaId": "ED36E8C1-C26D-4A74-8D47-8DBD2BF86D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6103:*:*:*:*:*:*",
"matchCriteriaId": "8633BC6E-C86B-4D96-876C-3FB7F5133886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6104:*:*:*:*:*:*",
"matchCriteriaId": "9B08B585-C379-44FD-BC4E-6C9F3E0FA0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6105:*:*:*:*:*:*",
"matchCriteriaId": "394FD156-844D-4CEF-87CA-5A5FB1DBE2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6106:*:*:*:*:*:*",
"matchCriteriaId": "FF83CF7D-9826-4DB8-9A05-C2260FFA4680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6107:*:*:*:*:*:*",
"matchCriteriaId": "6EA114E7-ECBD-4503-86C8-E078805CC49E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6108:*:*:*:*:*:*",
"matchCriteriaId": "1D9736FE-07FE-47F2-B8D0-25C4D474D1B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6109:*:*:*:*:*:*",
"matchCriteriaId": "2C9487B6-24B4-4D0A-AB4F-FBC7F068D01D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "C31AF224-954D-481C-B52B-092AFCA20077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "7383E219-4F88-43CF-80D1-85E1AE8C37DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F343A82A-7FD2-4BDC-A537-B6BA38315733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E22DD181-25F0-48AE-A86A-753193FE6F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6:6657:*:*:*:*:*:*",
"matchCriteriaId": "EC6A1F29-3A46-4BF9-80FD-C8C26EF3F0D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6:6660:*:*:*:*:*:*",
"matchCriteriaId": "85BCE3C0-696E-4805-AA04-42E4234BCD5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F04532BC-FBD0-4111-9213-3F044475CD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E6162E29-CDBE-4AE0-8160-C4D6A99BFE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "4DE6724F-80AA-4B3E-8CF1-1158F6C98AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7010:*:*:*:*:*:*",
"matchCriteriaId": "A4D9B6E0-47A7-48D1-AF6A-A8512475ABD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7011:*:*:*:*:*:*",
"matchCriteriaId": "FFD7E625-FAA2-4452-9E18-5E4A61A93FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7020:*:*:*:*:*:*",
"matchCriteriaId": "8504DAE3-6CD9-4640-9EB1-CB304DB79BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7030:*:*:*:*:*:*",
"matchCriteriaId": "F42110FC-D21E-439E-BB8C-45C03F639CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7040:*:*:*:*:*:*",
"matchCriteriaId": "612E5D11-83D1-4E80-B7A4-57F61690DFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7041:*:*:*:*:*:*",
"matchCriteriaId": "C89C31C7-3196-47CD-9A9D-0761CEEB04E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "821C24DA-1C22-43ED-AD67-E947D323A3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "FAFEF7B6-4B56-42C8-958B-E0B677F5D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "43CEBA06-F115-41E9-8B3E-C004528340A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "E398D48C-AD94-4E84-9E3A-28A8586B3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "3D042A11-638F-4485-A753-ACF2BE92D900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7055:*:*:*:*:*:*",
"matchCriteriaId": "6A08DCBD-FB40-4E8D-AA29-E4CA4811FB1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7056:*:*:*:*:*:*",
"matchCriteriaId": "EDEB04D2-0804-49D3-9594-7E71D6ED0710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7060:*:*:*:*:*:*",
"matchCriteriaId": "8677DEC0-07FA-4E46-9EB6-B5BD84CA7128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7061:*:*:*:*:*:*",
"matchCriteriaId": "9A5D33D3-6A4C-4E31-9F3B-3280DF70DF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7062:*:*:*:*:*:*",
"matchCriteriaId": "E53B4C3C-7D4B-447B-AA00-E8542071C751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7063:*:*:*:*:*:*",
"matchCriteriaId": "6A4BB301-D085-46DF-9C96-B4DE040BA033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7064:*:*:*:*:*:*",
"matchCriteriaId": "F39F4354-815C-490C-AE8E-670148FE893F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7065:*:*:*:*:*:*",
"matchCriteriaId": "A7D0D80C-3267-4D13-83DE-344BCF1FF39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7066:*:*:*:*:*:*",
"matchCriteriaId": "1D2E1C9F-D239-41BE-B924-E57D30923877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
"matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
"matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
"matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
"matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
"matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*",
"matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*",
"matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162:*:*:*:*:*:*",
"matchCriteriaId": "28E1833F-24C8-44EC-9B66-4D832AB1C9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163:*:*:*:*:*:*",
"matchCriteriaId": "7DCA2AF7-8732-4095-BB6F-6F40EADD7449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170:*:*:*:*:*:*",
"matchCriteriaId": "54247785-E55A-407D-A667-1734E7C84DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171:*:*:*:*:*:*",
"matchCriteriaId": "5C8887B2-D378-4A7D-B678-9B2C68953E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180:*:*:*:*:*:*",
"matchCriteriaId": "ADD4EAD7-275A-4467-9217-102051BE49C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7181:*:*:*:*:*:*",
"matchCriteriaId": "8181AF41-779F-4289-BECE-03C2731FDA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7182:*:*:*:*:*:*",
"matchCriteriaId": "2BFB486E-9256-4B56-98BF-24B5A56415A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7183:*:*:*:*:*:*",
"matchCriteriaId": "3661D4F3-B44F-4788-8B3F-89B46835D704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7184:*:*:*:*:*:*",
"matchCriteriaId": "7CCECCF0-75DA-4FA8-A90E-2B1B31F86251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7185:*:*:*:*:*:*",
"matchCriteriaId": "BFEC6A92-A2B9-40D3-944C-3DB9530C17BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7186:*:*:*:*:*:*",
"matchCriteriaId": "F1297728-D42D-48CF-8CC8-AAEB68A877EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7188:*:*:*:*:*:*",
"matchCriteriaId": "3A3937FD-E0E4-4024-957A-3FC9E3C03FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "D47DA377-0AF4-453E-9605-A5F87FA14E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:*",
"matchCriteriaId": "BC919233-CE66-416C-8649-B94A23F131F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to\u00a0Privilege Escalation in the\u00a0Modify Computers option."
},
{
"lang": "es",
"value": "Las versiones 7203 y anteriores de Zohocorp ManageEngine ADManager Plus son vulnerables a la escalada de privilegios en la opci\u00f3n Modificar equipos."
}
],
"id": "CVE-2024-24409",
"lastModified": "2024-11-13T20:35:44.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-08T08:15:15.917",
"references": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-24409.html"
}
],
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-11 14:59
Modified
2024-11-21 02:24
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B646FDCE-7B63-4210-A0AC-667D1AF24F48",
"versionEndIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ZOHO ManageEngine ADManager Plus anterior a 6.2 Build 6270 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s (1) del par\u00e1metro technicianSearchText en la p\u00e1gina de t\u00e9cnico del centro de ayuda (Help Desk Technician) o (2) del par\u00e1metro rolesSearchText parameter en los roles del centro de ayuda (Help Desk Roles)."
}
],
"id": "CVE-2015-1026",
"lastModified": "2024-11-21T02:24:30.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-03-11T14:59:04.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130737/Manage-Engine-AD-Audit-Manager-Plus-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534833/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130737/Manage-Engine-AD-Audit-Manager-Plus-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534833/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37923",
"lastModified": "2024-11-21T06:16:04.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37924",
"lastModified": "2024-11-21T06:16:04.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-17 19:15
Modified
2024-11-21 06:09
Severity ?
Summary
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7110 allows remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versiones anteriores a 7110, permite una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-33911",
"lastModified": "2024-11-21T06:09:45.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-17T19:15:07.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-04 18:15
Modified
2024-11-21 08:13
Severity ?
Summary
Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.2 | |
| zohocorp | manageengine_admanager_plus | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user\u0027s account via sensitive information disclosure."
},
{
"lang": "es",
"value": "ADManager Plus de ManageEngine de Zoho a trav\u00e9s de 7201 permiten a los usuarios autenticados hacerse cargo de la cuenta de otro usuario a trav\u00e9s de la divulgaci\u00f3n de informaci\u00f3n sensible."
}
],
"id": "CVE-2023-38332",
"lastModified": "2024-11-21T08:13:21.003",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-04T18:15:13.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38332.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38332.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores es vulnerable a un salto de ruta que permite copiar archivos de un directorio a otro"
}
],
"id": "CVE-2021-37922",
"lastModified": "2024-11-21T06:16:03.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37921",
"lastModified": "2024-11-21T06:16:03.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 16:15
Modified
2024-11-21 06:16
Severity ?
Summary
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7111 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versi\u00f3n 7110 y anteriores, permite una carga de archivos sin restricciones, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-37930",
"lastModified": "2024-11-21T06:16:05.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T16:15:08.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-13 18:15
Modified
2024-11-21 05:45
Severity ?
Summary
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface."
},
{
"lang": "es",
"value": "ManageEngine ADManager Plus versi\u00f3n Build 7111 contiene una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota despu\u00e9s de la autenticaci\u00f3n debido a una carga de archivos comprobada inapropiadamente en la interfaz de Personalizaci\u00f3n"
}
],
"id": "CVE-2021-20131",
"lastModified": "2024-11-21T05:45:58.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-13T18:15:07.887",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-43"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-18 18:15
Modified
2024-11-21 07:32
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
Impacted products
{
"cisaActionDue": "2023-02-13",
"cisaExploitAdd": "2023-01-23",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDF15FF-2561-4139-AC5E-4812584B1B03",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*",
"matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*",
"matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*",
"matchCriteriaId": "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*",
"matchCriteriaId": "59675CC4-8A5C-4668-908C-0886B4B310DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*",
"matchCriteriaId": "45084336-F1DC-4E5B-A45E-506A779985D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*",
"matchCriteriaId": "1B2CC071-5BB3-4A25-88F2-DBC56B94D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*",
"matchCriteriaId": "E6FDF373-4711-4B72-A14E-CEB19301C40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*",
"matchCriteriaId": "0E0F346C-0445-4D38-8583-3379962B540F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1179FC2E-0FCC-4744-85A7-1D68AE742FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "F05F8E9D-1880-4B94-922E-BA61FA112945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "F336B0C2-1F99-4BC7-828B-02E432CB0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "46A96B82-49E1-4392-BDCF-CC9753D67A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "837BF464-6D18-4267-8913-D7937C91789B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "0243CA85-B856-4ED9-BCD0-5EAB182862CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "FB216CD0-B3BD-434D-8FC6-BB60408C128A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFA4EA7A-B1C1-4750-A11D-89054B77B320",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "16BADE82-3652-4074-BDFF-828B7213CAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*",
"matchCriteriaId": "01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*",
"matchCriteriaId": "CFA4FC59-CC4F-4F21-9AE9-3F526C91411C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*",
"matchCriteriaId": "26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*",
"matchCriteriaId": "97EA9324-9377-46E1-A0EA-637128E65DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*",
"matchCriteriaId": "EA5BE36E-A73A-4D1C-8185-9692373F1444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*",
"matchCriteriaId": "10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*",
"matchCriteriaId": "F505C783-09DE-4045-9DB4-DD850B449A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "212BF664-02DE-457F-91A6-6F824ECC963B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "D102B74F-6762-4EFE-BAF7-A7D416867D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7055:*:*:*:*:*:*",
"matchCriteriaId": "5B2F6EE4-F3DC-43CE-B7FD-C9522A35406A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7060:*:*:*:*:*:*",
"matchCriteriaId": "623151CB-4C6B-4068-B173-FE8E73D652F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7062:*:*:*:*:*:*",
"matchCriteriaId": "1D84377E-CB44-4C6A-A665-763A1CD1AF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7063:*:*:*:*:*:*",
"matchCriteriaId": "603D1875-BD5E-4C6C-9D2C-3CAA9D7B3AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7065:*:*:*:*:*:*",
"matchCriteriaId": "4C568190-1C1B-44FA-B50A-C142A0B8224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7080:*:*:*:*:*:*",
"matchCriteriaId": "F876B2E2-C2FF-47BE-9F53-5F86606A08CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
"matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
"matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
"matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
"matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
"matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*",
"matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*",
"matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC9667B-3ECE-4DF8-9C45-95E53736CD68",
"versionEndExcluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*",
"matchCriteriaId": "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*",
"matchCriteriaId": "B1E4E7ED-317B-471D-B387-24BFE504FD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*",
"matchCriteriaId": "1518C214-71A7-4C97-BA40-95D98E0C78BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*",
"matchCriteriaId": "247ED04D-E067-4A18-8514-9CD635DF4F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*",
"matchCriteriaId": "8AC2C862-7709-44BF-9D0C-1BD63B381001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*",
"matchCriteriaId": "1E936706-E1D6-496A-8395-96706AF32F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*",
"matchCriteriaId": "CA25E9BB-DDB9-438C-890A-61264C10BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*",
"matchCriteriaId": "D71FF123-F797-4E0D-8167-DD4563733879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*",
"matchCriteriaId": "1156F671-D6BD-4FA2-924F-1802F157A025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*",
"matchCriteriaId": "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*",
"matchCriteriaId": "E870D833-28A7-45E1-9A6B-26A33D66B507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2026DE5E-EDDA-4134-A63E-1F01A9ED209F",
"versionEndExcluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "DBEE7368-580D-422E-80DE-079462579BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "92C88B5F-3689-4314-B23E-D9051808C1D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5120:*:*:*:*:*:*",
"matchCriteriaId": "839EB997-896A-4CD9-BADF-1C2DC2B498F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5121:*:*:*:*:*:*",
"matchCriteriaId": "7A4DF40E-2941-4A38-9297-42502D7EE0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5130:*:*:*:*:*:*",
"matchCriteriaId": "DD056927-1BC0-42A0-8E26-7FC0F4BE58AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5140:*:*:*:*:*:*",
"matchCriteriaId": "99F6F9CC-5A94-4A74-8D36-BE198424C955",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1E5798-5079-4292-9C11-2F334F8AC825",
"versionEndExcluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.4:6400:*:*:*:*:*:*",
"matchCriteriaId": "37D11E5C-C569-4D9F-BFF8-315F6D458D68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1478BFC3-A0B2-415B-BA1C-AA09D9451C93",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700:*:*:*:*:*:*",
"matchCriteriaId": "1E270FB5-C447-4C93-9947-2CE50850A46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710:*:*:*:*:*:*",
"matchCriteriaId": "496AFB26-1E11-4632-8C10-CD80F601FCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5711:*:*:*:*:*:*",
"matchCriteriaId": "B2CE86DA-B688-4E9E-AF16-1974858D18BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5712:*:*:*:*:*:*",
"matchCriteriaId": "4BFA2F57-4506-4B3D-86E8-BE9BEC1134B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76C7DC97-8BF1-421F-9272-FD301D2D7A3F",
"versionEndExcluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:*:*:*:*:*:*",
"matchCriteriaId": "9BE65B96-74ED-48F1-B86D-CB3387D989CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101:*:*:*:*:*:*",
"matchCriteriaId": "B4127640-1F60-4687-A24A-22B05A125290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110:*:*:*:*:*:*",
"matchCriteriaId": "E42928FB-E0E7-4951-B9B1-CEF60560A945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120:*:*:*:*:*:*",
"matchCriteriaId": "43C059E6-E1CA-4792-B383-93062CD82D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121:*:*:*:*:*:*",
"matchCriteriaId": "8D21A9EB-51BC-4EEA-BAA4-8C2096A9DDD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12122:*:*:*:*:*:*",
"matchCriteriaId": "6C34175B-0978-4207-BFC0-F38FDFF9B3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12123:*:*:*:*:*:*",
"matchCriteriaId": "6CAB911E-5CE6-47BA-9909-C42BDFEE0F5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "23A6549A-A30E-4693-9BAB-2685DB8C40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*",
"matchCriteriaId": "71CED256-A0EF-4933-AE18-421E37D5DB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*",
"matchCriteriaId": "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*",
"matchCriteriaId": "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969E1FCF-76A0-40BC-A38F-56FCB713419F",
"versionEndExcluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*",
"matchCriteriaId": "298E6401-A9A9-43B6-901F-327944E0AF94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*",
"matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*",
"matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*",
"matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*",
"matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*",
"matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*",
"matchCriteriaId": "4EA25296-8163-4C98-A8CD-35834240308E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*",
"matchCriteriaId": "33D51403-A976-4EA3-AA23-C699E03239E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*",
"matchCriteriaId": "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F5E8E6-B1AA-4454-86D3-648B67CA915E",
"versionEndExcluding": "10.1.220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98FAA4DE-2C24-4ED4-9F2C-84CEA3200E31",
"versionEndExcluding": "11.1.2238.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8239C2A0-BA6D-4B5C-B02F-617178685D52",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA4E3A8-CAB3-461E-8A99-F7D115B17E71",
"versionEndExcluding": "10.1.2137.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53EC71FA-E248-4DA5-BA76-746631AC435E",
"versionEndExcluding": "1.1.2243.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5784980D-CEBB-4982-BD1F-FD8F5F2A039C",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9F459-2C86-4646-B87C-A55381E0939F",
"versionEndExcluding": "10.1.2228.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management_central:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D851B9A-EE8F-4634-A26D-BCC44B5CF02A",
"versionEndExcluding": "10.1.41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "450E672F-FA36-4770-87B6-CC8DA66D2222",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active)."
},
{
"lang": "es",
"value": "M\u00faltiples productos locales de Zoho ManageEngine, como ServiceDesk Plus hasta 14003, permiten la ejecuci\u00f3n remota de c\u00f3digo debido al uso de Apache Santuario xmlsec (tambi\u00e9n conocido como XML Security para Java) 1.4.1, porque las funciones xmlsec XSLT, por dise\u00f1o en esa versi\u00f3n, hacen la aplicaci\u00f3n responsable de ciertas protecciones de seguridad, y las aplicaciones ManageEngine no proporcionaban esas protecciones. Esto afecta a Access Manager Plus anterior a 4308, Active Directory 360 anterior a 4310, ADAudit Plus anterior a 7081, ADManager Plus anterior a 7162, ADSelfService Plus anterior a 6211, Analytics Plus anterior a 5150, Application Control Plus anterior a 10.1.2220.18, Asset Explorer anterior a 6983, Browser Security Plus antes de 11.1.2238.6, Device Control Plus antes de 10.1.2220.18, Endpoint Central antes de 10.1.2228.11, Endpoint Central MSP antes de 10.1.2228.11, Endpoint DLP antes de 10.1.2137.6, Key Manager Plus antes de 6401, OS Deployer antes de 1.1.2243.1, PAM 360 antes de 5713, Password Manager Pro antes de 12124, Patch Manager Plus antes de 10.1.2220.18, Remote Access Plus antes de 10.1.2228.11, Remote Monitoring and Management (RMM) antes de 10.1.41. ServiceDesk Plus anterior a 14004, ServiceDesk Plus MSP anterior a 13001, SupportCenter Plus anterior a 11026 y Vulnerability Manager Plus anterior a 10.1.2220.18. La explotaci\u00f3n solo es posible si alguna vez se ha configurado SAML SSO para un producto (para algunos productos, la explotaci\u00f3n requiere que SAML SSO est\u00e9 actualmente activo).\n"
}
],
"id": "CVE-2022-47966",
"lastModified": "2024-11-21T07:32:38.233",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-18T18:15:10.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-11-23 01:55
Modified
2024-11-21 01:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | 4.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "548108E9-73A4-422D-AEA7-A036414097C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en jsp/admin/tools/remote_share.jsp en ManageEngine ADManager Plus v4.4.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro computerName. NOTA: El origen de esta informaci\u00f3n es desconocido; los detalles han sido obtenidos de una fuente de informaci\u00f3n de terceros."
}
],
"id": "CVE-2010-5050",
"lastModified": "2024-11-21T01:22:23.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-11-23T01:55:04.187",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/64857"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39901"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/40355"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/64857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/40355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58860"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-28 20:15
Modified
2024-11-21 08:08
Severity ?
Summary
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1179FC2E-0FCC-4744-85A7-1D68AE742FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "F05F8E9D-1880-4B94-922E-BA61FA112945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "F336B0C2-1F99-4BC7-828B-02E432CB0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "46A96B82-49E1-4392-BDCF-CC9753D67A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "837BF464-6D18-4267-8913-D7937C91789B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "0243CA85-B856-4ED9-BCD0-5EAB182862CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "FB216CD0-B3BD-434D-8FC6-BB60408C128A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4310:*:*:*:*:*:*",
"matchCriteriaId": "9A24DBF5-EBC0-49DB-B253-1098BF1C6180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4312:*:*:*:*:*:*",
"matchCriteriaId": "9E5C2FC4-A020-42C8-958D-603C82E9F0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4313:*:*:*:*:*:*",
"matchCriteriaId": "D94DE7F6-9231-48F5-8B3F-D8D34594CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4314:*:*:*:*:*:*",
"matchCriteriaId": "27C465F6-F7F2-4FBD-B12F-4795EB47842C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4315:*:*:*:*:*:*",
"matchCriteriaId": "27BCB134-B415-481F-BBDB-650F5AD65EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E802FD77-E67A-438C-82CE-9FC7536FB14E",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "237AA2F5-B9A3-4C40-92AC-61FE47A017BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "4C23A64C-65CB-447B-9B5F-4BB22F68FC79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*",
"matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*",
"matchCriteriaId": "03A34ED3-EC89-4BE3-8A99-A5727A154672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*",
"matchCriteriaId": "4E84EF2B-37A5-4499-8C16-877E8AB8A731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*",
"matchCriteriaId": "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*",
"matchCriteriaId": "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*",
"matchCriteriaId": "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*",
"matchCriteriaId": "356CA7C7-993F-4D5D-9FAB-9E5475878D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6989:*:*:*:*:*:*",
"matchCriteriaId": "82F1AAC1-E49B-4580-9569-AD9B1E649A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6990:*:*:*:*:*:*",
"matchCriteriaId": "D971F57C-820C-4391-A15C-80A4901BC358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6991:*:*:*:*:*:*",
"matchCriteriaId": "3EAA3D29-2763-4201-9471-A0874727F40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6992:*:*:*:*:*:*",
"matchCriteriaId": "B632C001-CE54-4C22-AB99-7919D8902FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6993:*:*:*:*:*:*",
"matchCriteriaId": "648277D7-3CDD-455B-95D3-CBD9A3A82C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "1E01D48C-A95F-421E-A6FA-D299D6BE02B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*",
"matchCriteriaId": "727BD3A4-F0E1-4656-A640-B32406324707",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F",
"versionEndExcluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*",
"matchCriteriaId": "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*",
"matchCriteriaId": "99C928C2-4711-4765-BDF2-E7FB448F5771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*",
"matchCriteriaId": "EDF77387-21C7-45CA-B843-EBA956EE2BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*",
"matchCriteriaId": "5C2C0067-538B-4102-8B4E-603BD4CE8F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*",
"matchCriteriaId": "DAF47C10-AAE9-40CF-A033-44D54A81E69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*",
"matchCriteriaId": "36D0331C-58EA-4B68-88C4-7A193BE5C62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*",
"matchCriteriaId": "3CA59781-E48C-487E-B3AF-96560F3152EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*",
"matchCriteriaId": "E4812B9E-15CA-4700-9115-EAE0A97F0E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*",
"matchCriteriaId": "CE513A2B-0371-4D3C-A502-CDA3DB474F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*",
"matchCriteriaId": "5E498ACE-8332-4824-9AFE-73975D0AC9EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*",
"matchCriteriaId": "F070B928-CF57-4502-BE26-AD3F13A6ED4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*",
"matchCriteriaId": "635D24F2-9C60-4E1A-BD5F-E5312FA953A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*",
"matchCriteriaId": "5E983854-36F8-407F-95C8-E386E0F82366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*",
"matchCriteriaId": "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*",
"matchCriteriaId": "7820751F-E181-4BB7-8DAF-BF21129B24D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*",
"matchCriteriaId": "14ADB666-EEB9-4C6D-93F4-5A45EBA55705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*",
"matchCriteriaId": "93C4B398-8F9A-44AC-8E43-C4C471DE9565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*",
"matchCriteriaId": "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*",
"matchCriteriaId": "C7EF76FE-3FD9-4548-A372-22E280484ECB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "C12C9470-3D3B-426E-93F9-79D8B9B25F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "227F1242-E0A9-45C5-9198-FD8D01F68ABF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D262240-1B28-4B7C-B673-C10DD878D912",
"versionEndExcluding": "12.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12300:*:*:*:*:*:*",
"matchCriteriaId": "39F6B49B-8531-4A62-B0D9-C1BCD728D4A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12301:*:*:*:*:*:*",
"matchCriteriaId": "F2769404-4E8A-478C-9328-269E2C334E31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "D3012C17-87F5-4FFD-B67B-BEFF2A390613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "1E33D368-2D81-4C7E-9405-7C0A86E97217",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30B83EF5-BEF1-4636-9B3C-AE41E6010F2C",
"versionEndExcluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5300:*:*:*:*:*:*",
"matchCriteriaId": "CF4D70E8-77A6-4F51-A15B-28299D43B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5301:*:*:*:*:*:*",
"matchCriteriaId": "E03D403B-C904-482E-838C-D6595C5D27FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5302:*:*:*:*:*:*",
"matchCriteriaId": "FFEB1CB7-B9F7-463D-88F8-3A2E86264FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5305:*:*:*:*:*:*",
"matchCriteriaId": "E4B18DCB-4A02-4DE6-9B19-D79299934D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5310:*:*:*:*:*:*",
"matchCriteriaId": "2D34C6F9-2578-460F-AF34-2E9494BCDE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5311:*:*:*:*:*:*",
"matchCriteriaId": "48E3DA1B-9FC6-4F07-9F89-6D71EF42FCFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5315:*:*:*:*:*:*",
"matchCriteriaId": "B2F48B91-FFD5-4AC4-A198-64870E47AE9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*",
"matchCriteriaId": "7001A0A7-159C-48A3-9800-DAFBA31D05BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*",
"matchCriteriaId": "583B46D4-529F-404F-9CF3-4D7526889682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*",
"matchCriteriaId": "0D89C2A2-CE20-4954-8821-C73F9E3EC767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*",
"matchCriteriaId": "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*",
"matchCriteriaId": "233874F0-A19F-447C-ACE2-5DD06829C920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*",
"matchCriteriaId": "C4447E47-C6DB-440D-AF35-8130687E9BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*",
"matchCriteriaId": "405ECB05-7E35-4927-A19A-92A4B7FE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*",
"matchCriteriaId": "9F1EC2A5-7498-40F9-91A4-B004AEA1136C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*",
"matchCriteriaId": "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*",
"matchCriteriaId": "DD3B14B6-8329-43C4-AE42-13279E77275E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*",
"matchCriteriaId": "7792B448-4D34-42F8-919C-344783D625E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*",
"matchCriteriaId": "E297C040-0523-4A50-97AB-349880D5B3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*",
"matchCriteriaId": "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*",
"matchCriteriaId": "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*",
"matchCriteriaId": "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*",
"matchCriteriaId": "6E0C9493-EB87-4197-AF8B-BCA25488BCDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*",
"matchCriteriaId": "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*",
"matchCriteriaId": "FBD7855F-4B66-4F43-960C-73E69C52E865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*",
"matchCriteriaId": "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*",
"matchCriteriaId": "36A68C2E-978A-4F82-AC61-E9E7CA9908A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BB59DF-8786-4DC0-9254-F88417CA7077",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*",
"matchCriteriaId": "6BA1E99E-789C-4FDD-AA89-4C5391B95320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*",
"matchCriteriaId": "7EA6EC34-6702-4D1A-8C63-5026416E01A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*",
"matchCriteriaId": "0720F912-A070-43E9-BD23-4FAD00026DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*",
"matchCriteriaId": "161C81D2-7281-4F89-9944-1B468B06C264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*",
"matchCriteriaId": "718EEA01-B792-4B7E-946F-863F846E8132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*",
"matchCriteriaId": "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*",
"matchCriteriaId": "47BBC46A-16C7-4E9B-A49A-8101F3039D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*",
"matchCriteriaId": "D989FB08-624D-406B-8F53-A387900940F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*",
"matchCriteriaId": "8ADB6CFE-1915-488C-93FE-96E8DF3655F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*",
"matchCriteriaId": "EDCCB442-D0E4-47C7-A558-36657A70B3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*",
"matchCriteriaId": "8794F807-1D50-44D4-8969-FD68EFF2F643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*",
"matchCriteriaId": "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*",
"matchCriteriaId": "6976DCDA-E27A-4367-8EFE-74DC6F63018F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*",
"matchCriteriaId": "101908A5-CAEF-44F8-A6C8-FE01CA9FA836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*",
"matchCriteriaId": "F957BE56-474A-4593-8710-F86DB13C7407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*",
"matchCriteriaId": "B8479442-1A4A-4F27-9778-664C7693C815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*",
"matchCriteriaId": "EEF00ADC-105F-4B7E-857B-17565D67C7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*",
"matchCriteriaId": "CA292949-6E99-49A5-94F7-23448494F5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*",
"matchCriteriaId": "863CBE20-60A5-4A08-BF16-4E40E88B9AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*",
"matchCriteriaId": "28A105B4-7BF0-4054-AAE7-8453E13E2B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*",
"matchCriteriaId": "94C78301-44B7-45B2-836E-15E45FAC8625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*",
"matchCriteriaId": "F408067C-13C1-40BE-8488-9EB7FF0EDF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*",
"matchCriteriaId": "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4282B6D-6C85-4F13-B789-E641FB5986FE",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*",
"matchCriteriaId": "A160274C-F07A-43D9-A4DB-8773F004B9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*",
"matchCriteriaId": "341DF953-3DC7-476E-A79D-8CBD011C52A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*",
"matchCriteriaId": "AB6582AC-03DB-4905-BD03-EEDC314EB289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*",
"matchCriteriaId": "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*",
"matchCriteriaId": "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*",
"matchCriteriaId": "1592B321-1D60-418D-9CD8-61AEA57D8D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*",
"matchCriteriaId": "E582FA9F-A043-4193-961D-A49159F1C921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*",
"matchCriteriaId": "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "28EAB920-2F01-483E-9492-97DBFBD7535F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*",
"matchCriteriaId": "37976BE2-4233-46F7-B6BB-EFA778442AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*",
"matchCriteriaId": "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*",
"matchCriteriaId": "C069FF04-4061-4560-BA55-1784312047A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*",
"matchCriteriaId": "0D428FA6-08BA-4F7E-B1C7-4AFD17919899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*",
"matchCriteriaId": "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*",
"matchCriteriaId": "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*",
"matchCriteriaId": "EF9477F5-C6FD-4589-917B-FD206371DB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*",
"matchCriteriaId": "8CB27467-3157-466A-B01C-461348BD95C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*",
"matchCriteriaId": "2D575B4D-D58A-4B92-9723-4AB54E29924A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*",
"matchCriteriaId": "E76BB070-9BC9-4712-B021-156871C3B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*",
"matchCriteriaId": "52D35850-9BE1-479A-B0AF-339E42BCA708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*",
"matchCriteriaId": "681A77B6-7E22-4132-803B-A0AD117CE7C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "658DC76D-E0FE-40FA-B966-6DA6ED531FCD",
"versionEndExcluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*",
"matchCriteriaId": "948993BE-7B9E-4CCB-A97F-28B46DFE52A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*",
"matchCriteriaId": "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*",
"matchCriteriaId": "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*",
"matchCriteriaId": "4C8B3F77-7886-4F80-B75A-59063C762307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*",
"matchCriteriaId": "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*",
"matchCriteriaId": "A708628C-31E8-4A52-AEF7-297E2DDFA0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*",
"matchCriteriaId": "A8A01385-A493-42C0-ABBE-6A30C8594F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*",
"matchCriteriaId": "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*",
"matchCriteriaId": "B6865936-A773-4353-8891-8269508B2180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*",
"matchCriteriaId": "9CAD778E-8FDB-4CE2-A593-75EEA75F6361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*",
"matchCriteriaId": "52A9BA64-A248-4490-BDA7-671D64C0B3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*",
"matchCriteriaId": "DFF0A7E8-888B-4CBE-B799-16557244DDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*",
"matchCriteriaId": "8B480202-7632-4CFA-A485-DDFF1D1DB757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*",
"matchCriteriaId": "AB9B0721-49FD-49E7-97E4-E4E3EBF64856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*",
"matchCriteriaId": "874F5DDD-EA8D-4C1E-824A-321C52959649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*",
"matchCriteriaId": "8CAA4713-DA95-46AC-AFA5-9D22F8819B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*",
"matchCriteriaId": "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*",
"matchCriteriaId": "832AAAAF-5C34-4DDF-96A4-080002F9BC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*",
"matchCriteriaId": "29ED63C4-FB06-41AC-ABCD-63B3233658A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*",
"matchCriteriaId": "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*",
"matchCriteriaId": "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*",
"matchCriteriaId": "51400F37-6310-44A3-A683-068DF64D20F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*",
"matchCriteriaId": "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*",
"matchCriteriaId": "78CB8751-856A-41AC-904A-70FA1E15A946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*",
"matchCriteriaId": "72B7E27E-1443-46DC-8389-FBD337E612F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*",
"matchCriteriaId": "F9BB1077-C1F5-4368-9930-8E7424E7EB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*",
"matchCriteriaId": "EE307CE4-574D-4FF7-BED6-5BBECF886578",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D69A22E7-FF66-43A0-83FF-4D0ADF25B33D",
"versionEndExcluding": "14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14200:*:*:*:*:*:*",
"matchCriteriaId": "4A89D0AC-E27C-4C35-8E2E-44DF0BBD6FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14201:*:*:*:*:*:*",
"matchCriteriaId": "19A77447-AA60-4011-A64B-0A065F43279E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14202:*:*:*:*:*:*",
"matchCriteriaId": "811ADC13-780C-4325-8879-E521CBEC20B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14203:*:*:*:*:*:*",
"matchCriteriaId": "DB25E317-1104-4CFE-8F6A-B8B55F578F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14204:*:*:*:*:*:*",
"matchCriteriaId": "8157D1BB-556A-444B-9F4C-0BD0EF4CF02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "E73FEA45-5AA3-4C49-91D3-E07A53E34515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "8CA65161-0C0B-45E7-BBEA-FA214DBF964B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9097C0CA-001B-4604-BCDB-ED28AB292CC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE99DDEC-EA8D-4E15-A227-30B242611078",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "52843587-34AD-4992-8E68-25CD02E247A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C9A012-AD39-45B2-BA3F-8D7180FC5390",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*",
"matchCriteriaId": "7C5E7CE6-F85E-49B2-9078-F661AA3723C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*",
"matchCriteriaId": "1194B4C2-FBF2-4015-B666-235897971DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*",
"matchCriteriaId": "4F5F0CA5-CEC3-4342-A7D1-3616C482B965",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4707D700-23C4-4BBD-9683-4E6D59989127",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability."
},
{
"lang": "es",
"value": "Zoho ManageEngine Active Directory 360 versiones 4315 e inferiores, ADAudit Plus 7202 e inferiores, ADManager Plus 7200 e inferiores, Asset Explorer 6993 e inferiores y 7xxx 7002 e inferiores, Cloud Security Plus 4161 e inferiores, Data Security Plus 6110 e inferiores, Eventlog Analyzer 12301 y siguientes, Exchange Reporter Plus 5709 y siguientes, Log360 5315 y siguientes, Log360 UEBA 4045 y siguientes, M365 Manager Plus 4529 y siguientes, M365 Security Plus 4529 y siguientes, Recovery Manager Plus 6061 y siguientes, ServiceDesk Plus 14204 y siguientes y 143xx 14302 e inferiores, ServiceDesk Plus MSP 14300 e inferiores, SharePoint Manager Plus 4402 e inferiores, y Support Center Plus 14300 e inferiores son vulnerables a la omisi\u00f3n de 2FA a trav\u00e9s de algunos autenticadores TOTP. Nota: Se requiere un par v\u00e1lido de nombre de usuario y contrase\u00f1a para aprovechar esta vulnerabilidad.\n"
}
],
"id": "CVE-2023-35785",
"lastModified": "2024-11-21T08:08:41.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-28T20:15:08.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-05 17:15
Modified
2024-11-21 05:27
Severity ?
Summary
Zoho ManageEngine ADManager Plus before 7066 allows XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7066 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7066 | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2428F5-265B-4081-89E6-EAE2732B3E41",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E6162E29-CDBE-4AE0-8160-C4D6A99BFE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "4DE6724F-80AA-4B3E-8CF1-1158F6C98AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7010:*:*:*:*:*:*",
"matchCriteriaId": "A4D9B6E0-47A7-48D1-AF6A-A8512475ABD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7011:*:*:*:*:*:*",
"matchCriteriaId": "FFD7E625-FAA2-4452-9E18-5E4A61A93FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7020:*:*:*:*:*:*",
"matchCriteriaId": "8504DAE3-6CD9-4640-9EB1-CB304DB79BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7030:*:*:*:*:*:*",
"matchCriteriaId": "F42110FC-D21E-439E-BB8C-45C03F639CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7040:*:*:*:*:*:*",
"matchCriteriaId": "612E5D11-83D1-4E80-B7A4-57F61690DFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7041:*:*:*:*:*:*",
"matchCriteriaId": "C89C31C7-3196-47CD-9A9D-0761CEEB04E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "821C24DA-1C22-43ED-AD67-E947D323A3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "FAFEF7B6-4B56-42C8-958B-E0B677F5D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "43CEBA06-F115-41E9-8B3E-C004528340A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "E398D48C-AD94-4E84-9E3A-28A8586B3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "3D042A11-638F-4485-A753-ACF2BE92D900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7055:*:*:*:*:*:*",
"matchCriteriaId": "6A08DCBD-FB40-4E8D-AA29-E4CA4811FB1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7056:*:*:*:*:*:*",
"matchCriteriaId": "EDEB04D2-0804-49D3-9594-7E71D6ED0710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7060:*:*:*:*:*:*",
"matchCriteriaId": "8677DEC0-07FA-4E46-9EB6-B5BD84CA7128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7061:*:*:*:*:*:*",
"matchCriteriaId": "9A5D33D3-6A4C-4E31-9F3B-3280DF70DF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7062:*:*:*:*:*:*",
"matchCriteriaId": "E53B4C3C-7D4B-447B-AA00-E8542071C751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7063:*:*:*:*:*:*",
"matchCriteriaId": "6A4BB301-D085-46DF-9C96-B4DE040BA033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7064:*:*:*:*:*:*",
"matchCriteriaId": "F39F4354-815C-490C-AE8E-670148FE893F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7065:*:*:*:*:*:*",
"matchCriteriaId": "A7D0D80C-3267-4D13-83DE-344BCF1FF39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7066:*:*:*:*:*:*",
"matchCriteriaId": "1D2E1C9F-D239-41BE-B924-E57D30923877",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7066 allows XSS."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versiones anteriores a 7066, permite un ataque de tipo XSS"
}
],
"id": "CVE-2020-35594",
"lastModified": "2024-11-21T05:27:40.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-05T17:15:14.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7066"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-17 19:15
Modified
2024-11-21 06:14
Severity ?
Summary
Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versiones anteriores a 7110, permite un ataque de tipo XSS reflejado"
}
],
"id": "CVE-2021-36771",
"lastModified": "2024-11-21T06:14:03.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-17T19:15:07.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-17 19:15
Modified
2024-11-21 06:14
Severity ?
Summary
Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/ad-manager/release-notes.html#7110 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before 7110 allows stored XSS."
},
{
"lang": "es",
"value": "Zoho ManageEngine ADManager Plus versiones anteriores a 7110, permite un ataque de tipo XSS almacenado"
}
],
"id": "CVE-2021-36772",
"lastModified": "2024-11-21T06:14:03.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-17T19:15:07.893",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7110"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-15 21:15
Modified
2025-02-13 18:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "725AEAF1-8E3C-4D33-B65D-C8304506A131",
"versionEndExcluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_appcreator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A753D74-F09F-4C42-A7C2-4D3A280FCACC",
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEDFE0E-9C9A-4DF6-9918-B5BD4DC67624",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C65599-8166-4066-BF0F-5C3CC55F544A",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CB1749-097D-4F9F-94DB-F35E72A42034",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06579974-7085-42B3-9F9F-A733A1CA37D9",
"versionEndExcluding": "11.2.2322.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_central_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F551AC16-6CBA-4460-A05D-D083967BDF07",
"versionEndExcluding": "11.2.2322.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE96B83-9684-4955-81C5-AD5B5BC817DF",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC58FEB-B8E4-4B1C-AE55-F4577D7BF505",
"versionEndExcluding": "10.1.2204.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:10.1.2207.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B65D12-7DAE-4815-993C-7C5903E990DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C070B9E-FE09-4CFE-B489-DC9CED210CF1",
"versionEndExcluding": "1.2.2331.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9C6675-2DDB-4FD6-8FA6-B3EE56F87F69",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4B79F8-4D04-4EA4-8754-355DB6CA71B8",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA39630-6CE1-46E3-AF49-67DB09308C5D",
"versionEndExcluding": "10.2.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D89B41-A239-4329-9BEA-6D52EE8644D8",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD7707C-0FE5-475D-8FB2-CDB19363421A",
"versionEndExcluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6300:*:*:*:*:*:*",
"matchCriteriaId": "F0C93DB0-3029-4D49-B180-6EFAEC4B712B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6301:*:*:*:*:*:*",
"matchCriteriaId": "F69BFD56-BA90-426C-9EF1-4BD925657BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6302:*:*:*:*:*:*",
"matchCriteriaId": "1171C259-086C-42CA-BE56-5B410677F72C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6303:*:*:*:*:*:*",
"matchCriteriaId": "827B0C20-903F-48A5-8918-81F39202C21F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "D47DA377-0AF4-453E-9605-A5F87FA14E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:*",
"matchCriteriaId": "BC919233-CE66-416C-8649-B94A23F131F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E802FD77-E67A-438C-82CE-9FC7536FB14E",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "237AA2F5-B9A3-4C40-92AC-61FE47A017BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "4C23A64C-65CB-447B-9B5F-4BB22F68FC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203:*:*:*:*:*:*",
"matchCriteriaId": "3489D84B-5960-4FA7-A2DD-88AE35C34CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210:*:*:*:*:*:*",
"matchCriteriaId": "D86AB1CC-0FDE-4CC1-BF64-E0C61EAF652F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211:*:*:*:*:*:*",
"matchCriteriaId": "076FDAE7-9DB2-4A04-B09E-E53858D208C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212:*:*:*:*:*:*",
"matchCriteriaId": "07C08B57-FA76-4E24-BC10-B837597BC7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213:*:*:*:*:*:*",
"matchCriteriaId": "0D734ACB-33E8-4315-8A79-2B97CE1D0509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215:*:*:*:*:*:*",
"matchCriteriaId": "9314CA98-7A69-4D2B-9928-40F55888C9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7220:*:*:*:*:*:*",
"matchCriteriaId": "BCE7999C-D6AE-4406-A563-A520A171381D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7250:*:*:*:*:*:*",
"matchCriteriaId": "D5716895-4553-4613-B774-0964D3E88AA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F",
"versionEndExcluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*",
"matchCriteriaId": "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*",
"matchCriteriaId": "99C928C2-4711-4765-BDF2-E7FB448F5771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*",
"matchCriteriaId": "EDF77387-21C7-45CA-B843-EBA956EE2BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*",
"matchCriteriaId": "5C2C0067-538B-4102-8B4E-603BD4CE8F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*",
"matchCriteriaId": "DAF47C10-AAE9-40CF-A033-44D54A81E69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*",
"matchCriteriaId": "36D0331C-58EA-4B68-88C4-7A193BE5C62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*",
"matchCriteriaId": "3CA59781-E48C-487E-B3AF-96560F3152EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*",
"matchCriteriaId": "E4812B9E-15CA-4700-9115-EAE0A97F0E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*",
"matchCriteriaId": "CE513A2B-0371-4D3C-A502-CDA3DB474F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*",
"matchCriteriaId": "5E498ACE-8332-4824-9AFE-73975D0AC9EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*",
"matchCriteriaId": "F070B928-CF57-4502-BE26-AD3F13A6ED4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*",
"matchCriteriaId": "635D24F2-9C60-4E1A-BD5F-E5312FA953A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*",
"matchCriteriaId": "5E983854-36F8-407F-95C8-E386E0F82366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*",
"matchCriteriaId": "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*",
"matchCriteriaId": "7820751F-E181-4BB7-8DAF-BF21129B24D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*",
"matchCriteriaId": "14ADB666-EEB9-4C6D-93F4-5A45EBA55705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*",
"matchCriteriaId": "93C4B398-8F9A-44AC-8E43-C4C471DE9565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*",
"matchCriteriaId": "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*",
"matchCriteriaId": "C7EF76FE-3FD9-4548-A372-22E280484ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4162:*:*:*:*:*:*",
"matchCriteriaId": "0F95BCBE-399F-4CCC-A17B-C0C3A03A99AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "C12C9470-3D3B-426E-93F9-79D8B9B25F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "227F1242-E0A9-45C5-9198-FD8D01F68ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "2FE57085-2085-4F62-9900-7B8DFC558418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6120:*:*:*:*:*:*",
"matchCriteriaId": "CAB7FA92-DC12-4E8A-91CC-3C98ED74E47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6121:*:*:*:*:*:*",
"matchCriteriaId": "D04530C2-E4D0-4717-95DB-B7C224348502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6125:*:*:*:*:*:*",
"matchCriteriaId": "9BBD018F-C1FD-4A0F-A145-253D86185F6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "D3012C17-87F5-4FFD-B67B-BEFF2A390613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "1E33D368-2D81-4C7E-9405-7C0A86E97217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*",
"matchCriteriaId": "7AA9384F-6401-4495-B558-23E5A7A7528C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*",
"matchCriteriaId": "E492F955-0734-4AE4-A59F-572ADF0CFE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*",
"matchCriteriaId": "11B71FFC-FD2E-4F84-BB1E-55BCA5B51099",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BB59DF-8786-4DC0-9254-F88417CA7077",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*",
"matchCriteriaId": "6BA1E99E-789C-4FDD-AA89-4C5391B95320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*",
"matchCriteriaId": "7EA6EC34-6702-4D1A-8C63-5026416E01A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*",
"matchCriteriaId": "0720F912-A070-43E9-BD23-4FAD00026DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*",
"matchCriteriaId": "161C81D2-7281-4F89-9944-1B468B06C264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*",
"matchCriteriaId": "718EEA01-B792-4B7E-946F-863F846E8132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*",
"matchCriteriaId": "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*",
"matchCriteriaId": "47BBC46A-16C7-4E9B-A49A-8101F3039D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*",
"matchCriteriaId": "D989FB08-624D-406B-8F53-A387900940F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*",
"matchCriteriaId": "8ADB6CFE-1915-488C-93FE-96E8DF3655F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*",
"matchCriteriaId": "EDCCB442-D0E4-47C7-A558-36657A70B3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*",
"matchCriteriaId": "8794F807-1D50-44D4-8969-FD68EFF2F643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*",
"matchCriteriaId": "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*",
"matchCriteriaId": "6976DCDA-E27A-4367-8EFE-74DC6F63018F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*",
"matchCriteriaId": "101908A5-CAEF-44F8-A6C8-FE01CA9FA836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*",
"matchCriteriaId": "F957BE56-474A-4593-8710-F86DB13C7407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*",
"matchCriteriaId": "B8479442-1A4A-4F27-9778-664C7693C815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*",
"matchCriteriaId": "EEF00ADC-105F-4B7E-857B-17565D67C7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*",
"matchCriteriaId": "CA292949-6E99-49A5-94F7-23448494F5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*",
"matchCriteriaId": "863CBE20-60A5-4A08-BF16-4E40E88B9AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*",
"matchCriteriaId": "28A105B4-7BF0-4054-AAE7-8453E13E2B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*",
"matchCriteriaId": "94C78301-44B7-45B2-836E-15E45FAC8625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*",
"matchCriteriaId": "F408067C-13C1-40BE-8488-9EB7FF0EDF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*",
"matchCriteriaId": "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4531:*:*:*:*:*:*",
"matchCriteriaId": "DC06E46F-441E-445B-A780-702B170901DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4532:*:*:*:*:*:*",
"matchCriteriaId": "A8A98287-DB5D-44A3-B835-54BACFC12944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4533:*:*:*:*:*:*",
"matchCriteriaId": "53F32DE7-F211-4BEF-99C1-CE38EFDBCCC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4535:*:*:*:*:*:*",
"matchCriteriaId": "91C3EE55-B71B-432C-A68E-BB126A715375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4536:*:*:*:*:*:*",
"matchCriteriaId": "FD48F21A-2D38-4EB8-B190-58CF176C1EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4537:*:*:*:*:*:*",
"matchCriteriaId": "76346162-0BF0-4B21-82D2-2548A989396A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4538:*:*:*:*:*:*",
"matchCriteriaId": "5313C4EF-A960-4BCA-AA97-EDC88402A175",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4282B6D-6C85-4F13-B789-E641FB5986FE",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*",
"matchCriteriaId": "A160274C-F07A-43D9-A4DB-8773F004B9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*",
"matchCriteriaId": "341DF953-3DC7-476E-A79D-8CBD011C52A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*",
"matchCriteriaId": "AB6582AC-03DB-4905-BD03-EEDC314EB289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*",
"matchCriteriaId": "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*",
"matchCriteriaId": "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*",
"matchCriteriaId": "1592B321-1D60-418D-9CD8-61AEA57D8D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*",
"matchCriteriaId": "E582FA9F-A043-4193-961D-A49159F1C921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*",
"matchCriteriaId": "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "28EAB920-2F01-483E-9492-97DBFBD7535F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*",
"matchCriteriaId": "37976BE2-4233-46F7-B6BB-EFA778442AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*",
"matchCriteriaId": "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*",
"matchCriteriaId": "C069FF04-4061-4560-BA55-1784312047A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*",
"matchCriteriaId": "0D428FA6-08BA-4F7E-B1C7-4AFD17919899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*",
"matchCriteriaId": "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*",
"matchCriteriaId": "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*",
"matchCriteriaId": "EF9477F5-C6FD-4589-917B-FD206371DB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*",
"matchCriteriaId": "8CB27467-3157-466A-B01C-461348BD95C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*",
"matchCriteriaId": "2D575B4D-D58A-4B92-9723-4AB54E29924A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*",
"matchCriteriaId": "E76BB070-9BC9-4712-B021-156871C3B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*",
"matchCriteriaId": "52D35850-9BE1-479A-B0AF-339E42BCA708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*",
"matchCriteriaId": "681A77B6-7E22-4132-803B-A0AD117CE7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4531:*:*:*:*:*:*",
"matchCriteriaId": "EF72A1BF-EE5D-4F43-B463-7E51285D4D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4532:*:*:*:*:*:*",
"matchCriteriaId": "2FDD429A-E938-483A-BCCF-50A2AD4096CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4533:*:*:*:*:*:*",
"matchCriteriaId": "162D604A-7F0E-44CF-9E48-D8B54F8F3509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4535:*:*:*:*:*:*",
"matchCriteriaId": "AD38FA0F-B94F-4731-A652-07702EE0B808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4536:*:*:*:*:*:*",
"matchCriteriaId": "F2C3767E-A56B-4580-AF8C-9BF5852EE414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4537:*:*:*:*:*:*",
"matchCriteriaId": "5434E8CB-8DD0-4245-AF61-CF3A69BD0C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4538:*:*:*:*:*:*",
"matchCriteriaId": "C2403DA1-FBF8-495E-B996-4060F6BE6EE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C9A012-AD39-45B2-BA3F-8D7180FC5390",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*",
"matchCriteriaId": "7C5E7CE6-F85E-49B2-9078-F661AA3723C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*",
"matchCriteriaId": "1194B4C2-FBF2-4015-B666-235897971DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*",
"matchCriteriaId": "4F5F0CA5-CEC3-4342-A7D1-3616C482B965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4403:*:*:*:*:*:*",
"matchCriteriaId": "B7B8A2F3-5F46-40B2-A4E7-118341443C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4404:*:*:*:*:*:*",
"matchCriteriaId": "767BF16D-8CD8-4E8A-9A3B-CB11EB48FB9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "658DC76D-E0FE-40FA-B966-6DA6ED531FCD",
"versionEndExcluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*",
"matchCriteriaId": "948993BE-7B9E-4CCB-A97F-28B46DFE52A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*",
"matchCriteriaId": "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*",
"matchCriteriaId": "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*",
"matchCriteriaId": "4C8B3F77-7886-4F80-B75A-59063C762307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*",
"matchCriteriaId": "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*",
"matchCriteriaId": "A708628C-31E8-4A52-AEF7-297E2DDFA0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*",
"matchCriteriaId": "A8A01385-A493-42C0-ABBE-6A30C8594F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*",
"matchCriteriaId": "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*",
"matchCriteriaId": "B6865936-A773-4353-8891-8269508B2180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*",
"matchCriteriaId": "9CAD778E-8FDB-4CE2-A593-75EEA75F6361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*",
"matchCriteriaId": "52A9BA64-A248-4490-BDA7-671D64C0B3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*",
"matchCriteriaId": "DFF0A7E8-888B-4CBE-B799-16557244DDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*",
"matchCriteriaId": "8B480202-7632-4CFA-A485-DDFF1D1DB757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*",
"matchCriteriaId": "AB9B0721-49FD-49E7-97E4-E4E3EBF64856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*",
"matchCriteriaId": "874F5DDD-EA8D-4C1E-824A-321C52959649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*",
"matchCriteriaId": "8CAA4713-DA95-46AC-AFA5-9D22F8819B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*",
"matchCriteriaId": "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*",
"matchCriteriaId": "832AAAAF-5C34-4DDF-96A4-080002F9BC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*",
"matchCriteriaId": "29ED63C4-FB06-41AC-ABCD-63B3233658A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*",
"matchCriteriaId": "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*",
"matchCriteriaId": "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*",
"matchCriteriaId": "51400F37-6310-44A3-A683-068DF64D20F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*",
"matchCriteriaId": "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*",
"matchCriteriaId": "78CB8751-856A-41AC-904A-70FA1E15A946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*",
"matchCriteriaId": "72B7E27E-1443-46DC-8389-FBD337E612F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*",
"matchCriteriaId": "F9BB1077-C1F5-4368-9930-8E7424E7EB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*",
"matchCriteriaId": "EE307CE4-574D-4FF7-BED6-5BBECF886578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6062:*:*:*:*:*:*",
"matchCriteriaId": "49E40C74-7077-4366-82A7-52B454725B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6070:*:*:*:*:*:*",
"matchCriteriaId": "038D7936-C837-4E49-89BC-D11DF2C875D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6071:*:*:*:*:*:*",
"matchCriteriaId": "D1DC87E8-3053-4823-BFDB-46BAF3FCEFF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6072:*:*:*:*:*:*",
"matchCriteriaId": "E384B5D8-CF9A-4C6D-AB4A-5B1A66768ADB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC606E6A-3523-41D5-94C9-A62E8630A687",
"versionEndExcluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*",
"matchCriteriaId": "7001A0A7-159C-48A3-9800-DAFBA31D05BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*",
"matchCriteriaId": "583B46D4-529F-404F-9CF3-4D7526889682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*",
"matchCriteriaId": "0D89C2A2-CE20-4954-8821-C73F9E3EC767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*",
"matchCriteriaId": "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*",
"matchCriteriaId": "233874F0-A19F-447C-ACE2-5DD06829C920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*",
"matchCriteriaId": "C4447E47-C6DB-440D-AF35-8130687E9BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*",
"matchCriteriaId": "405ECB05-7E35-4927-A19A-92A4B7FE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*",
"matchCriteriaId": "9F1EC2A5-7498-40F9-91A4-B004AEA1136C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*",
"matchCriteriaId": "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*",
"matchCriteriaId": "DD3B14B6-8329-43C4-AE42-13279E77275E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*",
"matchCriteriaId": "7792B448-4D34-42F8-919C-344783D625E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*",
"matchCriteriaId": "E297C040-0523-4A50-97AB-349880D5B3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*",
"matchCriteriaId": "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*",
"matchCriteriaId": "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*",
"matchCriteriaId": "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*",
"matchCriteriaId": "6E0C9493-EB87-4197-AF8B-BCA25488BCDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*",
"matchCriteriaId": "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*",
"matchCriteriaId": "FBD7855F-4B66-4F43-960C-73E69C52E865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*",
"matchCriteriaId": "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*",
"matchCriteriaId": "36A68C2E-978A-4F82-AC61-E9E7CA9908A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4046:*:*:*:*:*:*",
"matchCriteriaId": "6C8D7EA7-7CC3-48B0-B966-71A69FDE6A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4047:*:*:*:*:*:*",
"matchCriteriaId": "05D804B6-5990-42A7-A072-8F904A5262E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4048:*:*:*:*:*:*",
"matchCriteriaId": "0C720653-317E-4B1C-AFA8-90FAE97430C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90001:*:*:*:*:*:*",
"matchCriteriaId": "A9C350FA-E483-4C06-A784-5679ED0471BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90063:*:*:*:*:*:*",
"matchCriteriaId": "15A47AA7-8B49-41EC-AB57-5706989DF756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90064:*:*:*:*:*:*",
"matchCriteriaId": "D1CCB7C8-86B9-4DA8-93D0-F96B81C82F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90065:*:*:*:*:*:*",
"matchCriteriaId": "397140D3-2424-42D9-9900-625EC4E95D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90066:*:*:*:*:*:*",
"matchCriteriaId": "BA8C9A27-572E-407F-826A-1206394044D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90067:*:*:*:*:*:*",
"matchCriteriaId": "7601CC24-FC2D-4805-A975-2D307DECDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90068:*:*:*:*:*:*",
"matchCriteriaId": "A513B136-7DC5-48DD-BDCB-1620A14849B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90069:*:*:*:*:*:*",
"matchCriteriaId": "0858CFDE-7D76-4A63-BE21-A73310AD17BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90070:*:*:*:*:*:*",
"matchCriteriaId": "1BD8F9F8-89EB-422E-A4B1-E715AFD72341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90071:*:*:*:*:*:*",
"matchCriteriaId": "E0271D12-94E8-4345-9666-4A47A5AAB824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90072:*:*:*:*:*:*",
"matchCriteriaId": "513337E6-D805-461B-812F-D6EEA0921883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90073:*:*:*:*:*:*",
"matchCriteriaId": "8EB5C610-33AC-486C-AF48-4A889D429420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90074:*:*:*:*:*:*",
"matchCriteriaId": "81FC1ED5-99FF-4C30-BCE0-5CDC7A5E4C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90075:*:*:*:*:*:*",
"matchCriteriaId": "EA473C80-4100-4170-9601-8C9EEB5F64CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90076:*:*:*:*:*:*",
"matchCriteriaId": "5D2C41A7-1602-43CD-9E6D-A0178931C020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90077:*:*:*:*:*:*",
"matchCriteriaId": "238E3508-0230-441E-8114-6EEB79E22632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90078:*:*:*:*:*:*",
"matchCriteriaId": "2C85C7DB-BC46-4D0A-8353-C2DB51BFFD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90079:*:*:*:*:*:*",
"matchCriteriaId": "0BAAFCD6-5945-46BE-9380-5C2F79060B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90080:*:*:*:*:*:*",
"matchCriteriaId": "B6E108C0-075A-493D-B8AE-343D81BEC9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90081:*:*:*:*:*:*",
"matchCriteriaId": "CA614153-4E29-45AB-BBC2-9BA0CDAD4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90082:*:*:*:*:*:*",
"matchCriteriaId": "F95B1920-005C-494C-A9A9-C72502E45723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90083:*:*:*:*:*:*",
"matchCriteriaId": "DA3C51B7-B8A0-42F4-ADC9-C949B610EE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90084:*:*:*:*:*:*",
"matchCriteriaId": "180D4816-E5D0-406B-B289-4B1984250B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90085:*:*:*:*:*:*",
"matchCriteriaId": "57883D51-1188-4C14-B2EF-26FD4B156526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90086:*:*:*:*:*:*",
"matchCriteriaId": "D5A59B7E-74CF-425F-B814-313D5F1F7670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90087:*:*:*:*:*:*",
"matchCriteriaId": "327F6B11-9176-4791-96D0-FAD8EBE9D5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90088:*:*:*:*:*:*",
"matchCriteriaId": "5E057023-0175-4DB5-98A4-942FB81AF59A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90089:*:*:*:*:*:*",
"matchCriteriaId": "28E12A60-CEB6-46BD-A4E8-48651A651E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90090:*:*:*:*:*:*",
"matchCriteriaId": "25FA111C-01EA-49CA-BF67-A8C8C9A6E415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90091:*:*:*:*:*:*",
"matchCriteriaId": "855DD295-DB63-4AF1-8C5A-0904BF049658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90092:*:*:*:*:*:*",
"matchCriteriaId": "CDFE095C-C659-44BE-9740-C8B712165912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90093:*:*:*:*:*:*",
"matchCriteriaId": "FFB28D66-83BF-4685-9015-0B30021C59C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90094:*:*:*:*:*:*",
"matchCriteriaId": "9B82AA92-96B6-4841-BAC0-AA1487CBEB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90095:*:*:*:*:*:*",
"matchCriteriaId": "81A65567-42E6-416B-8FB0-2571FDF60207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90096:*:*:*:*:*:*",
"matchCriteriaId": "2193F4C6-5679-487B-82B8-C55A874ED5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90097:*:*:*:*:*:*",
"matchCriteriaId": "124CB5EC-44C1-4136-B495-053F2299E59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90098:*:*:*:*:*:*",
"matchCriteriaId": "A183735E-12AF-4692-A228-FE3B1169ABBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90099:*:*:*:*:*:*",
"matchCriteriaId": "3C1C57BB-73A7-4B48-B99C-A18E1CE55553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90100:*:*:*:*:*:*",
"matchCriteriaId": "020F4E45-45D2-4F1A-BAF8-8C61F45F5770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90101:*:*:*:*:*:*",
"matchCriteriaId": "039F68D9-A36A-44BE-A457-790ECCB20FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90102:*:*:*:*:*:*",
"matchCriteriaId": "23BDB028-FCCE-4A9D-887B-6A6F8166CFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90103:*:*:*:*:*:*",
"matchCriteriaId": "5210BAA8-2ECC-49AA-8408-815433DC28D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90104:*:*:*:*:*:*",
"matchCriteriaId": "C8DC19CC-3F95-4753-8037-FB627D1D6167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90105:*:*:*:*:*:*",
"matchCriteriaId": "93F07AFE-4E9A-4001-A17A-606A7B5E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90106:*:*:*:*:*:*",
"matchCriteriaId": "06B25C38-DE86-4F3E-918E-BC70FCC0054B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90107:*:*:*:*:*:*",
"matchCriteriaId": "E3F2E0E6-01D2-418D-872E-B117259E990F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90108:*:*:*:*:*:*",
"matchCriteriaId": "41D80E46-35FE-45E5-96D6-28691C0847DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90109:*:*:*:*:*:*",
"matchCriteriaId": "4D7768DA-1111-4557-A0D6-D3A74AC7FA54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90110:*:*:*:*:*:*",
"matchCriteriaId": "B3001463-3729-4216-B420-602A11C74244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90111:*:*:*:*:*:*",
"matchCriteriaId": "9A68EC19-3A57-41C4-90FA-CB1BF20EB8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90112:*:*:*:*:*:*",
"matchCriteriaId": "193913B2-25D1-4779-B7E6-ACC5992AFC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90113:*:*:*:*:*:*",
"matchCriteriaId": "E7AA77AA-E00E-4125-A698-12B30434F632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90114:*:*:*:*:*:*",
"matchCriteriaId": "229FBCFC-2810-44D1-9687-A7C060F6F9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90115:*:*:*:*:*:*",
"matchCriteriaId": "99C3BBC2-F1D3-4873-A8FB-1B79A2163F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90116:*:*:*:*:*:*",
"matchCriteriaId": "4A06EF86-915C-4D09-965B-3A9D4DFC96B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90117:*:*:*:*:*:*",
"matchCriteriaId": "3D67F80D-E999-4E46-8386-8122DC17DBCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90118:*:*:*:*:*:*",
"matchCriteriaId": "2593B38A-1281-41C9-B065-E6EFDF6BD71C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90119:*:*:*:*:*:*",
"matchCriteriaId": "B61541E8-5818-475B-9E54-C45C71C14A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90120:*:*:*:*:*:*",
"matchCriteriaId": "84DE1BA0-8C36-44DF-91A0-96EA6EF736D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90121:*:*:*:*:*:*",
"matchCriteriaId": "BB2F2DEA-5E03-442E-A46B-B6C218BF3273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90122:*:*:*:*:*:*",
"matchCriteriaId": "CCEFA415-47D7-4DA2-B541-DD0B67AF30A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90123:*:*:*:*:*:*",
"matchCriteriaId": "B147B06A-969E-4541-A863-DF4045D39527",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B20C46B3-C23E-42AF-BA81-117B8541171B",
"versionEndExcluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90012:*:*:*:*:*:*",
"matchCriteriaId": "A897E8C8-6058-4BEC-BF00-3E8614238E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90013:*:*:*:*:*:*",
"matchCriteriaId": "8B39A3B3-5B9E-4B31-9CE2-3625EA9C9AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90014:*:*:*:*:*:*",
"matchCriteriaId": "FBF5AF44-E30B-4948-B0E2-42EE062DC3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90015:*:*:*:*:*:*",
"matchCriteriaId": "356F078A-9887-423A-8BA7-74201DE109F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90016:*:*:*:*:*:*",
"matchCriteriaId": "9B8887A3-14C6-4DFB-9EBF-35966B4E6158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90017:*:*:*:*:*:*",
"matchCriteriaId": "3A0FE6B3-E037-45F4-A907-51CD99E7B8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90018:*:*:*:*:*:*",
"matchCriteriaId": "250CFA85-89C5-4F75-AF0F-BEA9C816E54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90019:*:*:*:*:*:*",
"matchCriteriaId": "85B8B8F4-951D-446C-A8F8-EEBDC385D83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90020:*:*:*:*:*:*",
"matchCriteriaId": "288C8246-7367-4D10-A0D4-5426B7EA17A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90021:*:*:*:*:*:*",
"matchCriteriaId": "59326535-A08E-4588-BAB8-9DF094FB61F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90022:*:*:*:*:*:*",
"matchCriteriaId": "077B9DBD-190C-4F20-BD3A-64D6887B7930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90030:*:*:*:*:*:*",
"matchCriteriaId": "0587320F-C57E-41F7-B31F-1EA52ED234B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90031:*:*:*:*:*:*",
"matchCriteriaId": "0911BEEC-A6E4-440C-8217-A7FAAC1D3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90032:*:*:*:*:*:*",
"matchCriteriaId": "A9D9805F-4F6B-4A15-A444-3B6538BCDDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90033:*:*:*:*:*:*",
"matchCriteriaId": "48901205-BDE9-4CBA-9E3B-779D949CBF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90034:*:*:*:*:*:*",
"matchCriteriaId": "69539391-6C6A-498A-B952-D4F12C2FEC4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90035:*:*:*:*:*:*",
"matchCriteriaId": "4A36B8AA-987B-4112-8B67-5BC306F9CF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90036:*:*:*:*:*:*",
"matchCriteriaId": "96E9422A-CA9D-4BC8-90DB-3E3A1966E94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90041:*:*:*:*:*:*",
"matchCriteriaId": "11A2E17D-3B33-4531-B78B-156BC2C7E53A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90042:*:*:*:*:*:*",
"matchCriteriaId": "4C34129B-5A15-4BE9-BB15-66101A5EAB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90043:*:*:*:*:*:*",
"matchCriteriaId": "DA9A87D7-0707-4321-B5D2-2B4CBC66E838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90044:*:*:*:*:*:*",
"matchCriteriaId": "C2C06D73-9BEA-4604-BE73-3CE8A2DDD52A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90056:*:*:*:*:*:*",
"matchCriteriaId": "DAA7B941-6FE6-45CA-931D-6414DFEA9B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90057:*:*:*:*:*:*",
"matchCriteriaId": "F7EEEF6C-DD29-4E6F-BED7-AE10184C2F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90058:*:*:*:*:*:*",
"matchCriteriaId": "D36AD9EC-82D0-451B-ADD4-1EEC0FDC389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90072:*:*:*:*:*:*",
"matchCriteriaId": "F68164FC-9A09-4145-97B8-99EE5532E6E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90074:*:*:*:*:*:*",
"matchCriteriaId": "2FB5646D-11C7-4878-9471-4F6D483CE979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90075:*:*:*:*:*:*",
"matchCriteriaId": "BBC0A0C3-C33E-46E9-A099-A5A66F576138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90076:*:*:*:*:*:*",
"matchCriteriaId": "76584957-0388-4421-8336-75EE90D00349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90077:*:*:*:*:*:*",
"matchCriteriaId": "05C542D5-7E3A-46E2-8CB6-A13159EFA4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90078:*:*:*:*:*:*",
"matchCriteriaId": "7E7BF415-29D3-4BD0-8613-317D7EC7C992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90079:*:*:*:*:*:*",
"matchCriteriaId": "7F046602-4595-48C8-83F5-A43FD501003F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90080:*:*:*:*:*:*",
"matchCriteriaId": "FC5B464F-D327-4181-A911-2E3683B914B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90081:*:*:*:*:*:*",
"matchCriteriaId": "025D8F22-968F-44B6-83E1-13DAB7A514A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90082:*:*:*:*:*:*",
"matchCriteriaId": "F9F60549-59CE-47D0-BF2A-91B84A0B1984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90083:*:*:*:*:*:*",
"matchCriteriaId": "6F982139-0EDC-411C-A074-A29963DCA328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90084:*:*:*:*:*:*",
"matchCriteriaId": "FBED4ED7-E991-48D0-AE27-71F9DEA5EDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90085:*:*:*:*:*:*",
"matchCriteriaId": "8C6BE721-D851-406E-9AAF-01F9A9E15ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90086:*:*:*:*:*:*",
"matchCriteriaId": "F1D6E935-53D3-462D-9DD8-91BFEC90BB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90087:*:*:*:*:*:*",
"matchCriteriaId": "E580F0AB-B840-4293-8639-4B7DD7981EAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90088:*:*:*:*:*:*",
"matchCriteriaId": "2CC8FE34-A5C9-4EF7-AA05-BEE403AB3B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90090:*:*:*:*:*:*",
"matchCriteriaId": "A80444F6-755F-4FE3-96B3-744A842D40AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0026FC79-6554-4B68-89EB-D7A8422C7406",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "94F878CC-E691-41E9-A90D-72EA25038963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*",
"matchCriteriaId": "6D1EA156-BD95-4AAA-B688-0CD62CCDB60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*",
"matchCriteriaId": "8033E51C-D261-4A12-96CD-AE1F13BFD2AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*",
"matchCriteriaId": "9EE1E1E6-ED1C-443A-A576-AD47D65082B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*",
"matchCriteriaId": "3E283214-CE6A-4CD6-9E9B-7BF09C37447D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "8FF84A5E-C43B-4637-B725-1087D2057EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*",
"matchCriteriaId": "25AEF257-E1C1-4DFD-9EC0-9B2AC3920CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*",
"matchCriteriaId": "46E32091-F91D-4706-A4F9-DC658CF36A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*",
"matchCriteriaId": "AC7D1106-6708-4A84-A077-286376C72AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*",
"matchCriteriaId": "071B3368-D7C2-4EE1-808F-1F4A3C3A4756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*",
"matchCriteriaId": "4E9D5882-91D6-4E9D-AD8B-F3861D987826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*",
"matchCriteriaId": "17931D40-369C-430F-B5ED-FAF69FAA0E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*",
"matchCriteriaId": "02B4D022-BC43-4041-BA2B-60A6D42AD150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*",
"matchCriteriaId": "15FFD3F7-CB9F-4FB1-9F2C-CFDAE7E46FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "5ED17849-BC14-4996-9DF9-7645B1E17374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*",
"matchCriteriaId": "D91F6CC5-EDBE-420F-8871-03B8D10254B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*",
"matchCriteriaId": "E82C682C-9F61-45B7-B934-8D6DDBA792AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*",
"matchCriteriaId": "2FC7728B-9FFC-4A8F-BE24-926B8C2823AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "78BE6CCE-706E-436B-A6E6-26E7D044B209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*",
"matchCriteriaId": "8BD54A67-C531-4642-90D4-C6E402D55AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*",
"matchCriteriaId": "9DF164BD-EF39-42E2-807D-F298D68A8D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*",
"matchCriteriaId": "5D85766D-1BAC-4477-96D6-EA989D392128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*",
"matchCriteriaId": "CE99520F-C8F3-46EA-9BBA-AAE2AB4AB8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*",
"matchCriteriaId": "16D8A8F6-8BC3-438D-BF8B-9E2B46ECBF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*",
"matchCriteriaId": "F3D18E27-EE06-4555-A675-1BAC7D3DD8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*",
"matchCriteriaId": "0FEFDFF7-5538-4C53-922A-A5E71A0D643E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*",
"matchCriteriaId": "02463016-7156-470F-8535-EF4C7E150546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*",
"matchCriteriaId": "8DEB616C-2DDC-4138-B6FC-8B2680D35485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*",
"matchCriteriaId": "D51E7B22-9293-4086-B143-2D279597A5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*",
"matchCriteriaId": "BB4D8585-6109-45C0-94B4-667D11F0509F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*",
"matchCriteriaId": "97CB62BA-09FA-446D-A8CF-958980B67F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*",
"matchCriteriaId": "F871111C-4B61-4C50-ABDA-78D8D988DCD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*",
"matchCriteriaId": "9950CFB9-FCDE-4696-97AF-251467270375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*",
"matchCriteriaId": "B674CFD8-6AE7-420A-BD7A-DD7A068CA5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*",
"matchCriteriaId": "56BCA911-733C-4F8C-B3CD-22F3E6CA1F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*",
"matchCriteriaId": "A1281E75-AC6D-4077-9207-7CA7E5BCB1CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*",
"matchCriteriaId": "CC052CBA-2B37-4E84-978D-36185EE1A3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "72CC7428-8DD0-45DB-8D80-C02CD9B6CB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*",
"matchCriteriaId": "0C1691B0-FA38-4A29-8D49-D99A675C122A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*",
"matchCriteriaId": "194ACE61-101D-40C3-9377-12039533AB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*",
"matchCriteriaId": "86428D44-03BC-4528-ADB5-3AC05231759D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*",
"matchCriteriaId": "B694D0FC-320A-44F9-9FFB-0706CDD3004C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*",
"matchCriteriaId": "BE298317-10EE-4A34-B4D0-8D03B727A75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*",
"matchCriteriaId": "B0A1B243-163D-461B-BEAB-81E6E2DB36EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*",
"matchCriteriaId": "5E86C3A0-700E-4CB2-AFDC-F203C61D413C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*",
"matchCriteriaId": "A550184D-13BD-4F2A-9DE5-AC66B496FFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*",
"matchCriteriaId": "538BCF38-69B6-4686-B1F1-82B10175CCBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*",
"matchCriteriaId": "F29A6AE3-B864-4552-9BE9-074CB6935B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "7CD2AB8D-F638-48E0-A5D6-1E969F9998B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "76528168-A54D-4398-B558-6DC27ACCBFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*",
"matchCriteriaId": "6C1DCA3B-41B8-402B-B5E8-2C3494C36B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*",
"matchCriteriaId": "531A9E5C-9C45-4982-8ADE-5B41CE5F5B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*",
"matchCriteriaId": "FA70F031-A7EF-49F5-A1F6-C3DD33198D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*",
"matchCriteriaId": "5DF093BF-830B-4C9A-A4B2-41C7811E4EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*",
"matchCriteriaId": "AB64E7D3-D835-4F46-BD81-6B59CF7EB9F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*",
"matchCriteriaId": "A2176672-0E34-4B46-9202-483F1D315836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*",
"matchCriteriaId": "FBD2726E-4AAA-4E7D-A8E7-89DB875E7E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "94AF723B-F1B7-44A8-B654-7C10881A6AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125233:*:*:*:*:*:*",
"matchCriteriaId": "0C65E8BE-968F-4AB8-BD3F-A123C66E576A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125312:*:*:*:*:*:*",
"matchCriteriaId": "9A4C70B1-A902-4835-BFFC-692CA91C1317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "06FE113C-94B6-419B-8AA0-767EA74D11ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125324:*:*:*:*:*:*",
"matchCriteriaId": "C30413D5-7F5B-47EE-825E-CEEF69DAC5B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125326:*:*:*:*:*:*",
"matchCriteriaId": "57DA6C66-3235-4923-89D0-EF093FF4126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125328:*:*:*:*:*:*",
"matchCriteriaId": "82307372-C2CF-4E19-9D1D-7D33FCCE8F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "A5289D80-1C75-4819-B615-8259B25B1E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125340:*:*:*:*:*:*",
"matchCriteriaId": "25CC8F8B-9072-41E3-8045-25D12EE22427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125341:*:*:*:*:*:*",
"matchCriteriaId": "6000E214-BF19-469C-A7CA-CC91465B2CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125342:*:*:*:*:*:*",
"matchCriteriaId": "1AA9EA4B-DD82-46E7-9C44-77AC076F61CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125343:*:*:*:*:*:*",
"matchCriteriaId": "50E697EA-0A78-477D-B726-AC54EE868244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125344:*:*:*:*:*:*",
"matchCriteriaId": "E64AAB62-43C4-4284-B2AA-1DC55B972803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125346:*:*:*:*:*:*",
"matchCriteriaId": "E3A43E19-D06D-4856-AA55-02B8148EAB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125358:*:*:*:*:*:*",
"matchCriteriaId": "310C491E-92CE-4EE8-9CDE-70640DE9CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125359:*:*:*:*:*:*",
"matchCriteriaId": "A82217B5-0A11-4BE6-ACEF-991B2DFE53D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125360:*:*:*:*:*:*",
"matchCriteriaId": "7C69DA1F-F0A3-4E9F-96E2-F7A4E9B876C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125361:*:*:*:*:*:*",
"matchCriteriaId": "033944E6-8A01-4566-81C4-2B76F10C2839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "3D969C61-1F9A-4B97-B6DA-04F84E3E2936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125364:*:*:*:*:*:*",
"matchCriteriaId": "9984754B-1FA5-4CDF-AFC3-BD97C6C6B177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125366:*:*:*:*:*:*",
"matchCriteriaId": "718427DB-57A7-4AB0-AA4C-7716E5A5F084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125367:*:*:*:*:*:*",
"matchCriteriaId": "CD43B869-6A7F-461D-A870-448C91FB7A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125375:*:*:*:*:*:*",
"matchCriteriaId": "98DD8376-4B21-4024-878D-DB74D1FF7A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125376:*:*:*:*:*:*",
"matchCriteriaId": "5E8B8FBA-39ED-4E7A-AA1C-A6C15E8C92B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125377:*:*:*:*:*:*",
"matchCriteriaId": "4742B198-8630-4A45-AE87-6731BF56081A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125378:*:*:*:*:*:*",
"matchCriteriaId": "3782ABA4-5247-4349-8CD8-BCE85B98D44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125379:*:*:*:*:*:*",
"matchCriteriaId": "C39E5DB9-1B75-4204-9B24-70F6294F1F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125380:*:*:*:*:*:*",
"matchCriteriaId": "F9459981-3E65-489C-9A70-B582EC9C8BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "BF90B539-9180-4A96-9E2F-F35DCA6DD720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125382:*:*:*:*:*:*",
"matchCriteriaId": "2A6D1150-602E-4006-9F6B-10C6649AC05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125386:*:*:*:*:*:*",
"matchCriteriaId": "FB168E3D-63AB-45D7-AAC1-2D01CD6956F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125392:*:*:*:*:*:*",
"matchCriteriaId": "B8DCEAE6-AAE6-40B0-83B2-A579A6BF9854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125393:*:*:*:*:*:*",
"matchCriteriaId": "FCFEA624-968F-4A0F-969D-2190B1269EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125394:*:*:*:*:*:*",
"matchCriteriaId": "64F9D21C-AC05-4629-864F-85AFA3789739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125397:*:*:*:*:*:*",
"matchCriteriaId": "07E47F97-63EC-4BF1-AE54-3B510B66202D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125398:*:*:*:*:*:*",
"matchCriteriaId": "160765FF-9A56-4072-9580-C6DCB573B061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "F1EE56C3-5F42-4D2C-AEC0-035078DAE445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125405:*:*:*:*:*:*",
"matchCriteriaId": "16593100-F288-4013-BF48-48CA482FC62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125410:*:*:*:*:*:*",
"matchCriteriaId": "5BCA02F3-EF72-4F28-9ABB-D75EB6CE3338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125411:*:*:*:*:*:*",
"matchCriteriaId": "D8052948-7F5B-4E63-B1B7-B244D6A0AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125413:*:*:*:*:*:*",
"matchCriteriaId": "B6359934-CA70-4A8A-99E5-806555900EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125414:*:*:*:*:*:*",
"matchCriteriaId": "83BAAE61-540D-4E36-8B63-2438EC3B1479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125415:*:*:*:*:*:*",
"matchCriteriaId": "008A2BF2-E18B-492F-9DFF-19618F998664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125416:*:*:*:*:*:*",
"matchCriteriaId": "5023E77A-908C-41AE-ADC7-580F44ADC376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125417:*:*:*:*:*:*",
"matchCriteriaId": "797D16E7-484D-4793-9040-74B815DC52B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125420:*:*:*:*:*:*",
"matchCriteriaId": "7D923373-B575-44C8-9B4D-DB824EC59B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125428:*:*:*:*:*:*",
"matchCriteriaId": "B88917EC-3ABB-475E-B374-272CE5272D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125430:*:*:*:*:*:*",
"matchCriteriaId": "BD457A1B-023A-42CF-ADED-648A061AAAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125431:*:*:*:*:*:*",
"matchCriteriaId": "9B9E22A4-676A-4D75-850F-15E5EC9A2911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125432:*:*:*:*:*:*",
"matchCriteriaId": "4E6BA9C0-59DB-49E5-826E-1CA885FA28CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125433:*:*:*:*:*:*",
"matchCriteriaId": "95715B71-FA63-40A2-9EA6-56250318FC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125434:*:*:*:*:*:*",
"matchCriteriaId": "2591F23D-DB1F-44B0-B67A-13483408DE4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125437:*:*:*:*:*:*",
"matchCriteriaId": "E4F035FB-54A9-47C0-8896-174A742E23B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125446:*:*:*:*:*:*",
"matchCriteriaId": "34B52052-FBFC-4803-B999-448A9385B613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125448:*:*:*:*:*:*",
"matchCriteriaId": "A1F97594-BF89-4B5D-B1CE-706708891450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125450:*:*:*:*:*:*",
"matchCriteriaId": "A436DAC3-05F7-48DE-A2E2-0084AE31D9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125451:*:*:*:*:*:*",
"matchCriteriaId": "544961BA-03CA-49D6-AB7C-CFF597B3BB8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125452:*:*:*:*:*:*",
"matchCriteriaId": "9CDBD0CB-8495-44A1-BF9B-29A195D9F718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125453:*:*:*:*:*:*",
"matchCriteriaId": "73B5365C-92ED-41CC-9B05-8BB1FE21F3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125455:*:*:*:*:*:*",
"matchCriteriaId": "B652092E-570C-4D4E-A133-627426C50F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125456:*:*:*:*:*:*",
"matchCriteriaId": "DC13FB20-119C-47F9-870D-399811661896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125457:*:*:*:*:*:*",
"matchCriteriaId": "BC457292-04FE-4643-8F1D-05DAEF3F70BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125466:*:*:*:*:*:*",
"matchCriteriaId": "29CBDA2B-5A6A-4DB0-AC37-EAD8E05B55BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "CD266A0D-E726-4BC7-B3B9-6E3176415188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125468:*:*:*:*:*:*",
"matchCriteriaId": "046B7B6F-85DE-4BDB-8860-ECA208C4D697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125469:*:*:*:*:*:*",
"matchCriteriaId": "C60E51D9-A842-49FF-8793-84C074DBE5EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125470:*:*:*:*:*:*",
"matchCriteriaId": "753B2FC9-342B-4456-85D9-27734BE7C6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125476:*:*:*:*:*:*",
"matchCriteriaId": "BE930B14-4B22-4299-8DE8-7625342FC4E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "45B93007-AD6A-4978-9752-41DF72D34A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "863CBACB-F9A3-44AC-B795-C2C0EB5C9E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "AB28B644-BFD0-4588-B544-A139B26DDDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125486:*:*:*:*:*:*",
"matchCriteriaId": "944F7C2F-53D4-4933-BD63-DF15C5A5CD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125487:*:*:*:*:*:*",
"matchCriteriaId": "F6D0F0D1-7DF5-4C8D-9B31-B347E5A567DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "870A721F-2991-4041-AB1D-DE3D953B8669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125489:*:*:*:*:*:*",
"matchCriteriaId": "4F7FC0E5-8D0D-45CF-AEFA-180B79BC8B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125567:*:*:*:*:*:*",
"matchCriteriaId": "7D394493-D690-44F0-B3F0-FD39E46F31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "AF8CBF57-EF1A-4C84-879B-1A4035F4236A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125587:*:*:*:*:*:*",
"matchCriteriaId": "2F1E924E-8896-41CE-82E2-F22943A02FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125588:*:*:*:*:*:*",
"matchCriteriaId": "FB058840-E3D0-45FA-B95F-3445A7719118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125589:*:*:*:*:*:*",
"matchCriteriaId": "FD9B23C4-3458-4E6C-B1AB-D4A36BE8FFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125597:*:*:*:*:*:*",
"matchCriteriaId": "D2A7AA89-7233-4624-894A-B2B996D1D270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125598:*:*:*:*:*:*",
"matchCriteriaId": "B6B402ED-8B64-4FB0-B9E7-76E499A4115F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125599:*:*:*:*:*:*",
"matchCriteriaId": "4E8B01F2-0A03-48CF-8BAE-556A9C3D88FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125601:*:*:*:*:*:*",
"matchCriteriaId": "3C07E022-B75C-4491-8A30-9A1532D0472C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125603:*:*:*:*:*:*",
"matchCriteriaId": "00E92DB5-8D53-4129-92D0-AD1DA0F1FEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125604:*:*:*:*:*:*",
"matchCriteriaId": "913CD99C-8F47-47BD-BD7C-33762861BB08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125605:*:*:*:*:*:*",
"matchCriteriaId": "67B7F52E-7D7A-4AA9-9241-FFCC3DD49BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125611:*:*:*:*:*:*",
"matchCriteriaId": "D02650C3-1A7F-4889-B6CB-11994054B5F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125612:*:*:*:*:*:*",
"matchCriteriaId": "01FEA1CA-351B-4E2B-A78E-60338682F97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125613:*:*:*:*:*:*",
"matchCriteriaId": "04C9E097-FE04-42BD-96C8-2A3A9FD50B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125614:*:*:*:*:*:*",
"matchCriteriaId": "94F895DB-C865-4AED-A1D9-CE69C0EF52FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "8B565B12-283F-4323-9C88-FD3CF5646DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125616:*:*:*:*:*:*",
"matchCriteriaId": "9FDC3394-293E-44CF-A83F-FE047A4E4DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125617:*:*:*:*:*:*",
"matchCriteriaId": "01846F8F-D7D6-4CD9-B83E-41B70C691761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125628:*:*:*:*:*:*",
"matchCriteriaId": "CAE013FC-357D-42DA-B223-D40B3C813089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125629:*:*:*:*:*:*",
"matchCriteriaId": "E4BA87E9-5E37-41EE-835C-13F68ABC9C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125630:*:*:*:*:*:*",
"matchCriteriaId": "D2034E17-2DB9-4229-B7D4-D14761CEE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125631:*:*:*:*:*:*",
"matchCriteriaId": "39FBAFB9-5703-4EEA-BFF3-45B958E0805F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93A02A7E-02A8-4B74-AA9F-3DA0492748EF",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "24B04D73-0C55-49A8-B599-27C8C04948C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127001:*:*:*:*:*:*",
"matchCriteriaId": "97E74846-1666-4773-910D-77E0E19A7FCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127002:*:*:*:*:*:*",
"matchCriteriaId": "BB90B809-9D97-469F-B8F6-41B4AEAA2D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127003:*:*:*:*:*:*",
"matchCriteriaId": "423C8618-9F3B-4B83-902C-FF01027EC54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127004:*:*:*:*:*:*",
"matchCriteriaId": "7E974B56-7A00-4582-AF8B-0D09B94477BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127100:*:*:*:*:*:*",
"matchCriteriaId": "7B6F8404-F624-41AA-BE8D-170D843EC290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "D0FF81E5-2134-4F45-9B39-2E3D5208BB80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127102:*:*:*:*:*:*",
"matchCriteriaId": "0D5DA95F-7C0F-4D05-BD35-DED356D01692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127103:*:*:*:*:*:*",
"matchCriteriaId": "2B3A3EC3-DF7C-41A6-884C-C7C13D41B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127104:*:*:*:*:*:*",
"matchCriteriaId": "89EE3E31-8F55-4E44-8522-A32D6887AE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127109:*:*:*:*:*:*",
"matchCriteriaId": "979ED7B4-FAE3-4E98-A303-290E498FFD81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127116:*:*:*:*:*:*",
"matchCriteriaId": "EDC62E2F-AB97-4008-A52B-9CDC341A06BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127117:*:*:*:*:*:*",
"matchCriteriaId": "93DF7023-22AE-4A84-8734-06239013C10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127118:*:*:*:*:*:*",
"matchCriteriaId": "2A128BED-75FA-42F1-9171-CBAEAA2366A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127119:*:*:*:*:*:*",
"matchCriteriaId": "5298BB50-8E22-490A-87C7-7F40B7F8F7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127120:*:*:*:*:*:*",
"matchCriteriaId": "39C34F02-E413-4067-B958-86ADF89FA3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127122:*:*:*:*:*:*",
"matchCriteriaId": "A0673E69-A2DB-424C-BBF0-79D729230F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127123:*:*:*:*:*:*",
"matchCriteriaId": "4F062A20-6FFE-479B-9E64-E4771490B041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "C598244E-7483-4762-AC27-BD8036FEFE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127133:*:*:*:*:*:*",
"matchCriteriaId": "B188A792-EF1A-4292-BD91-47635706C430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127134:*:*:*:*:*:*",
"matchCriteriaId": "BEFACD7A-D81B-4EDC-9E38-FD93FA0DE456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127136:*:*:*:*:*:*",
"matchCriteriaId": "DF818138-079A-43BE-A8B5-5DA47FA443AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127138:*:*:*:*:*:*",
"matchCriteriaId": "27066A8F-75C4-42BF-A54B-543114B92995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127140:*:*:*:*:*:*",
"matchCriteriaId": "A239C6F8-3FC0-4510-B33F-14B25908E68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127141:*:*:*:*:*:*",
"matchCriteriaId": "E8399E84-1344-4472-91F3-F63255911876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127185:*:*:*:*:*:*",
"matchCriteriaId": "8888C77E-04A7-4C34-B497-504F6217E07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127186:*:*:*:*:*:*",
"matchCriteriaId": "7502D92A-3B51-4A76-88D6-E2D76A584075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "7E465A5F-C8B0-4AD0-8D6D-4823C5F8153D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127188:*:*:*:*:*:*",
"matchCriteriaId": "DBA622D6-CD85-4F0F-8CC3-39FE29754039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127189:*:*:*:*:*:*",
"matchCriteriaId": "A0D2828B-B897-4F1D-B657-436DB3CAC2FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127191:*:*:*:*:*:*",
"matchCriteriaId": "98279B6E-8361-45CA-8912-F06972F4BD1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127240:*:*:*:*:*:*",
"matchCriteriaId": "A7D879C8-E89F-45C1-9609-80B737080AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127241:*:*:*:*:*:*",
"matchCriteriaId": "3D8FD2DE-18D9-4F50-9256-672435059876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127242:*:*:*:*:*:*",
"matchCriteriaId": "F01FEA58-BE5B-4CEC-831D-3BF05A20688D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "039C6DE6-DEA2-42E9-AE55-322E8E6B048C",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "55EA00B6-DE5D-4DE4-85AC-38A1216B4923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "BC4DF055-45CD-4B83-A7BA-59D6E46BD4D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125119:*:*:*:*:*:*",
"matchCriteriaId": "F9B51EF5-800F-446B-9F2D-47D45445E73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "C4C2087D-1B7B-4DA4-8288-D5366BC9735F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "B8FE0307-3CA7-445E-BA42-27D65C298E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125129:*:*:*:*:*:*",
"matchCriteriaId": "F6F9CB58-3B55-4E6F-AE24-D16552EE3614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125138:*:*:*:*:*:*",
"matchCriteriaId": "006DB16B-34C4-4359-96A1-381F7C66BF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "7EFE37CC-58F5-4B08-95C2-D9DAFC8D9C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125162:*:*:*:*:*:*",
"matchCriteriaId": "4F102286-1D21-48AB-A1B4-ADB5A4D3EEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "7DDD3297-57ED-40D4-AC54-4484A3E9C633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125194:*:*:*:*:*:*",
"matchCriteriaId": "8F467A89-13F7-47E9-8285-041DB3F33603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "E8C93717-4E5A-4686-A83F-A7D4AC732144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "5A15AF17-8500-4102-AF1C-897360BB985C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125233:*:*:*:*:*:*",
"matchCriteriaId": "D9B364E3-45C1-4C71-BB6D-9D831449CF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "4CCB49B2-4AA1-4223-98F0-1E0872566BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125357:*:*:*:*:*:*",
"matchCriteriaId": "5D0A19E8-F0B3-446D-B991-C63657BC2A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "1C7CD9C4-861D-42C0-9209-0843613F94B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125363:*:*:*:*:*:*",
"matchCriteriaId": "AD44F42F-709B-4FBE-B9C7-9944A874D489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "23C53DA5-F50F-4FA5-AF8B-4EA174BB4E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125395:*:*:*:*:*:*",
"matchCriteriaId": "199EE3C2-2D58-4777-8592-D000D135E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "0CE514D6-6C6A-4DAD-8DB2-FA1F12FFAFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125412:*:*:*:*:*:*",
"matchCriteriaId": "461FD5FC-2D14-44FC-88F0-783EDDD63483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125429:*:*:*:*:*:*",
"matchCriteriaId": "65FD6158-1B99-4C17-A167-41D6B1CD62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125449:*:*:*:*:*:*",
"matchCriteriaId": "188123C8-7E72-4690-A322-888BED90FB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125450:*:*:*:*:*:*",
"matchCriteriaId": "2BF85206-863D-493C-88F4-15B0BA5276A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125451:*:*:*:*:*:*",
"matchCriteriaId": "3C9DE996-1DEC-4AF0-89FD-1E3DA3967BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125452:*:*:*:*:*:*",
"matchCriteriaId": "75FF4D85-97C8-4DF4-ADE6-EDE8EC2DD5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125453:*:*:*:*:*:*",
"matchCriteriaId": "9CAC6467-19F7-4CB2-A5FC-B57A14F4636C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125455:*:*:*:*:*:*",
"matchCriteriaId": "60EB56E2-7367-4488-A00D-41464E86B06D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125456:*:*:*:*:*:*",
"matchCriteriaId": "3E315636-0897-4421-882D-E8196F7ACAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "EE609902-17AF-491B-8749-C8AF4E0A8241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "6EFF6295-3F73-448D-8109-453E0DFD2002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125471:*:*:*:*:*:*",
"matchCriteriaId": "35A535BC-644B-4B10-8F66-779FAF503683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125475:*:*:*:*:*:*",
"matchCriteriaId": "DDD4AA74-4B07-44A1-A32F-88B0B1E90ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "52203983-0CC9-49DB-B100-49CD9F5CE688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "095362BF-69CD-458F-8A44-E3D6AFC8C41F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "65F6F508-F0BF-4821-8B50-24A9B652522E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125564:*:*:*:*:*:*",
"matchCriteriaId": "4044EE7F-268B-4CC7-9982-80766BE5790E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "6F87A77C-E40F-4DDE-9260-FCF12B237FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125581:*:*:*:*:*:*",
"matchCriteriaId": "51CF193E-D5A6-423A-A5E2-B0ACF4B002E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125596:*:*:*:*:*:*",
"matchCriteriaId": "7C10F5A0-6FFE-4907-8A61-61CF11FC7A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "6B3F637D-3724-4314-BCC7-A6A06040DF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125617:*:*:*:*:*:*",
"matchCriteriaId": "18598449-D0EE-445F-BA6A-2CD658DAF4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125657:*:*:*:*:*:*",
"matchCriteriaId": "6DC52F3E-EC5F-404B-ABD7-615B8AB522A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125664:*:*:*:*:*:*",
"matchCriteriaId": "E3552F71-C708-41A4-9168-5673C086F507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1DA3A9-36FB-4BCA-AEEC-231A2C3127D0",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "0BA30C26-D3D8-447C-BD7A-9BC166C8BF3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127117:*:*:*:*:*:*",
"matchCriteriaId": "162E0203-17E1-427E-A351-33F75E8FE5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127134:*:*:*:*:*:*",
"matchCriteriaId": "61FB54BF-7A8F-4EE5-AF42-15E2B69E9DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127241:*:*:*:*:*:*",
"matchCriteriaId": "764139C9-FF6A-4BE0-BAF3-52F403C41393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127242:*:*:*:*:*:*",
"matchCriteriaId": "3D9805F6-1A56-4FBF-8F47-DAA80E4DE9FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FF3515-61C7-4A7A-9781-6D4A0340B2EC",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "77AA96FD-5AF0-4F80-8402-BAB460FF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125003:*:*:*:*:*:*",
"matchCriteriaId": "3095B4D1-170A-48B0-8C4A-7A7A54E42149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "8CE4267C-DAAE-4CEC-A6E3-D2213AA5EE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125109:*:*:*:*:*:*",
"matchCriteriaId": "92EB7DC6-F227-40B3-A093-4D9495BBE272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125115:*:*:*:*:*:*",
"matchCriteriaId": "40C478D3-7C1C-4FCE-99FA-976EE2754680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "DE6C88E4-D382-4729-AF5D-5697DCE26A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125122:*:*:*:*:*:*",
"matchCriteriaId": "6447F4D8-0943-4C8C-BBA7-42BECC181D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "422B8CB6-3A14-4452-9192-F4CD5BF5D030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125141:*:*:*:*:*:*",
"matchCriteriaId": "41AB6C1A-CBEC-4DC1-94A4-9D14E82BA542",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125142:*:*:*:*:*:*",
"matchCriteriaId": "6A2C060F-770B-4245-8490-5D2EB970FCA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "16E635CC-1591-4535-89EA-B8470BD885F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125150:*:*:*:*:*:*",
"matchCriteriaId": "D5F9E623-A42D-446D-ADDD-5F3C8F7BD9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125160:*:*:*:*:*:*",
"matchCriteriaId": "1E235AF0-4453-4439-A25D-FF78A89BB117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125179:*:*:*:*:*:*",
"matchCriteriaId": "620E40E9-9D83-4E14-8898-10C0718B1A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "1D72F651-BD8C-4564-AC1A-84A91F21EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125194:*:*:*:*:*:*",
"matchCriteriaId": "19DD9FF2-583B-4079-9375-E1643FF9A54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125200:*:*:*:*:*:*",
"matchCriteriaId": "69EDC39C-68EE-488D-B740-9E45229BDF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "EC374820-208A-40EF-965C-50C19467BD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "397B1FAC-EB6E-4F17-B5D7-CBD47D581DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125217:*:*:*:*:*:*",
"matchCriteriaId": "E771BCA5-9E65-4C8B-BF36-E90F641D2015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125221:*:*:*:*:*:*",
"matchCriteriaId": "A658460A-FAE0-4487-8CD6-FB3384664F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "6F104D17-7D08-42A5-BAF3-DEA475308FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "9F875BFA-18C2-42BF-8BC4-D02E15B395E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "3BBD9D22-7E92-4648-972E-E17D9472E08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125357:*:*:*:*:*:*",
"matchCriteriaId": "7219F9A0-CD1D-4BB4-A5E1-FA0495B49114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125361:*:*:*:*:*:*",
"matchCriteriaId": "0CBB0F67-9C81-44BC-9836-DE5FE40DDBBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "6D7C0250-52DA-423D-B061-0CDF39D15068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125376:*:*:*:*:*:*",
"matchCriteriaId": "6FC34D3F-FED3-4266-AB29-98FFC2002507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "DD1460AC-A719-4B75-B28B-748B6C262A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "B9024FE1-536C-4180-8115-6D97E7C324D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125410:*:*:*:*:*:*",
"matchCriteriaId": "8CD6EB21-3DC6-47A7-939A-AA3C8EFE278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125429:*:*:*:*:*:*",
"matchCriteriaId": "3A5911F7-7A45-499D-B345-D9C082932BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125447:*:*:*:*:*:*",
"matchCriteriaId": "CBBD7A90-4F97-4DFD-B8E6-F24A9B72A1C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "87C6DCE0-5F40-4F50-8538-29CFF2DCC9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125464:*:*:*:*:*:*",
"matchCriteriaId": "BECA9FA7-887B-4ECC-AA23-F75F96E42CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "CFD6D448-337E-4A63-8BE2-4DFC50AE7413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125475:*:*:*:*:*:*",
"matchCriteriaId": "33F2625D-0750-4ED1-8BA7-8141D8B7FB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "A7D6DD58-62F3-4727-9AC1-E6B5EA71BB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "33991587-174F-48D9-821D-BF44CF24924D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125484:*:*:*:*:*:*",
"matchCriteriaId": "18B8D15F-0286-4D64-96F8-D213E241813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "EB8483C1-6586-4936-8BF8-ECE3F0F4D5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "A9318551-C41F-46E9-A196-5C01EAE276F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "5030E129-0401-457B-B4FB-974AD5A0A948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125557:*:*:*:*:*:*",
"matchCriteriaId": "74DAFF5A-7090-427F-A69E-2E90456485C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "8EB26A23-108E-4F39-84E3-2F1C197C8CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125582:*:*:*:*:*:*",
"matchCriteriaId": "DF57D557-B1B9-4B2E-81A5-B23C1A8521E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125605:*:*:*:*:*:*",
"matchCriteriaId": "E37E20B2-B678-45C1-9EF9-7D65172B485F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "722042FB-CFE5-4DE8-A196-65D2E035378F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "17CC4F0C-E69E-4FA5-8119-D71AD9C13E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125621:*:*:*:*:*:*",
"matchCriteriaId": "B8DA03F6-8EF8-48E1-B4CF-A2B0CB6F1DEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50FB7952-0CED-4A64-A435-D588CA661630",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "8343B084-2009-44F2-B36C-C66719BBB1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "2574DD71-36A4-47AE-ABC3-D05D36FF8F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127130:*:*:*:*:*:*",
"matchCriteriaId": "B9D787C9-F37B-4193-A34F-080F7410BFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "55FB4705-D709-42F0-A562-6C5A05E00EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "4503E624-DC7F-4C5E-B715-0EC4676CA1ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340D8561-6110-49D8-BCDC-78A762FCD3E6",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "C61E9B3D-A39D-428E-A82F-5C4C225906C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "423D3372-F910-4006-9FE8-49A6B730AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125109:*:*:*:*:*:*",
"matchCriteriaId": "02B0ED3C-4729-4C70-8F06-6B507ED75BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125115:*:*:*:*:*:*",
"matchCriteriaId": "3CE0B4B2-CC4C-4F0F-B97E-A90C84377989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "DC2E4C62-9867-4D14-85B3-95F359BD0551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125122:*:*:*:*:*:*",
"matchCriteriaId": "5042AD90-4DF1-4A5A-9317-017102515284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "356A4F91-FA5B-4A09-841E-A380F580BA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125129:*:*:*:*:*:*",
"matchCriteriaId": "CBBDC611-498B-4175-9A88-5914ED6D3A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125141:*:*:*:*:*:*",
"matchCriteriaId": "10F3C9AD-9C1B-4FBD-8325-B56FCF96FFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "F4EE5C24-C4AE-4F9D-B808-8930102A1389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125160:*:*:*:*:*:*",
"matchCriteriaId": "E0F45A48-5006-4748-B683-6C7CB469286A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125179:*:*:*:*:*:*",
"matchCriteriaId": "9796C62A-8FCA-4E1E-855E-7D67F77C9AD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "1A1AC2FD-91BA-4B78-BB14-B9F2CEB09071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125200:*:*:*:*:*:*",
"matchCriteriaId": "A4B99FDC-EC68-4006-B359-E845AEF72FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "240A8575-F963-4DB4-B9C6-BE584A2F8271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "B97F1BEE-F3C0-4DDD-B767-23C4BE9054AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125217:*:*:*:*:*:*",
"matchCriteriaId": "3B3482FA-9483-4EC7-9B09-E1BB63F02790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "2600FBC5-8358-4126-88F2-00F3BEE9B537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "FDD47CB0-3680-4ED9-821C-B673EACB953D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "D27B76C3-B8C8-48A6-AEF3-E9145B57EDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125357:*:*:*:*:*:*",
"matchCriteriaId": "6D77C576-035E-403B-A2B3-992496FAD202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "70608921-F02A-4121-BE90-919DD68DD0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125376:*:*:*:*:*:*",
"matchCriteriaId": "93C50660-6ECF-4353-A15A-4F7B0F06D33A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "06D8864A-E6CC-4742-A2CF-B060E8DFA740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125393:*:*:*:*:*:*",
"matchCriteriaId": "D2572B3B-3BC4-4A83-92D5-8D7579821F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "0DD78F90-5231-4848-8971-9AB5ABBD2C33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125412:*:*:*:*:*:*",
"matchCriteriaId": "7C94C142-168F-421C-B00B-3F42AA1CC9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125429:*:*:*:*:*:*",
"matchCriteriaId": "77CE4835-6540-4CF6-A31C-255DA52BB073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125447:*:*:*:*:*:*",
"matchCriteriaId": "E0544AE8-92B3-43A7-8F42-299AED1A40CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125450:*:*:*:*:*:*",
"matchCriteriaId": "BEC805D2-CFDC-40DE-AA70-42A91461BEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125451:*:*:*:*:*:*",
"matchCriteriaId": "4767BF5A-B867-44BB-B152-E2AFA63B06D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125452:*:*:*:*:*:*",
"matchCriteriaId": "5855C471-07AB-4A96-9631-26C6C8B01F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125453:*:*:*:*:*:*",
"matchCriteriaId": "5075910F-3676-439A-879A-5CBE2C734347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125455:*:*:*:*:*:*",
"matchCriteriaId": "20808F91-7F08-4BA9-9075-C54337EC68E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125456:*:*:*:*:*:*",
"matchCriteriaId": "C700CE3B-31B5-4B4D-A378-70EC26D6F88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "A05AFF4D-4EF9-4939-81CC-0AB55DA596F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125464:*:*:*:*:*:*",
"matchCriteriaId": "86C3E31F-87E2-459F-8D1B-C6D1A237960D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "A3E7FC26-0000-4D4B-B489-DF0E2CD2B13C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125469:*:*:*:*:*:*",
"matchCriteriaId": "13E6E0F9-9D03-4665-9C89-6BE62ADCB39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125471:*:*:*:*:*:*",
"matchCriteriaId": "0DE52003-E959-420F-89A1-C86D8FB12DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125476:*:*:*:*:*:*",
"matchCriteriaId": "6E9C9051-7FDE-4DEE-85DC-0798524DC17A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "5BE3598F-CEB4-4553-BB50-AA778BBF8BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "4C71852D-D529-469A-9111-6D4DB8381BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125484:*:*:*:*:*:*",
"matchCriteriaId": "EC3F7DA9-3FBF-4D67-8BA5-2643E706F64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "53E2DF01-9A39-4E50-BEDE-D49988CE5CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "0015664D-11BC-4DEE-BC5B-DB3D1FE8DF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "8B49F887-4574-4B3C-A8A7-57F75B27447F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125557:*:*:*:*:*:*",
"matchCriteriaId": "C1E93E4D-0E54-41DF-843A-E8AE94EAD0BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125566:*:*:*:*:*:*",
"matchCriteriaId": "1617ADAD-2E13-4910-B600-3EC7E59B087C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "4E7B4955-F688-47DE-B1FF-D417EBDFF9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125582:*:*:*:*:*:*",
"matchCriteriaId": "5F982932-5513-411A-9CBF-3082C7ECEF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125584:*:*:*:*:*:*",
"matchCriteriaId": "0B5378E9-D011-4B12-8DEE-442F22789C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125585:*:*:*:*:*:*",
"matchCriteriaId": "8232CBA1-55DA-4F3C-A9E5-A204A25231C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "253569A5-4A2E-4163-88DC-C0FE6B79E06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "A30281F3-4DE2-4ED3-91A7-AE7A091C31E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9222E54C-0A7C-4828-9917-7CFD7EE8BC59",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "85778DB3-87D9-4C6A-9149-C58C45913268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127003:*:*:*:*:*:*",
"matchCriteriaId": "3973EC75-A70A-475A-82BB-409992F09392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "14537D55-3ABE-423C-B320-6811292620AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127130:*:*:*:*:*:*",
"matchCriteriaId": "FCB0BDE0-5BD3-4315-A74B-D7065ABC91BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "3E850CF4-9078-4E43-A87C-8323536E8CD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "EC407852-45B1-47F4-A886-AF8B473A86D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB0C7A9-5511-4AC9-B5E4-74AAE6973E34",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "BDA5DDA4-A67C-4370-B41D-02755FCF1F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "3D99CD97-1D6B-4C67-A909-E1CE28A78E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125112:*:*:*:*:*:*",
"matchCriteriaId": "70FEC14F-A53C-437C-981A-214B867142E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125115:*:*:*:*:*:*",
"matchCriteriaId": "895E57EA-A8F6-425B-9D08-654E03B92B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125116:*:*:*:*:*:*",
"matchCriteriaId": "9EE0C771-B2F6-4766-82FD-203967CE37D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "0DCD6102-19F7-42D2-A81B-C85824CA351D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125121:*:*:*:*:*:*",
"matchCriteriaId": "3C2C0A08-66BF-4FDC-A209-769234438844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "8DDC3649-12A9-41F3-A27D-646B5DF05E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125129:*:*:*:*:*:*",
"matchCriteriaId": "4F037A2A-4B9A-4EBC-94E2-87502960FF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125136:*:*:*:*:*:*",
"matchCriteriaId": "B15E99A3-989F-4EFD-BA26-DEC6992BD1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125142:*:*:*:*:*:*",
"matchCriteriaId": "B85BF117-503B-435F-8667-481D9AC7A788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "3AC2A038-F59B-4137-B02F-4C26E2EB9152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "F605C78F-8BE4-4E02-A7FB-CA9D24AFE7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125195:*:*:*:*:*:*",
"matchCriteriaId": "15557A07-E0E9-40DB-B013-0F4AD9556BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125199:*:*:*:*:*:*",
"matchCriteriaId": "79082C84-9F25-4A63-86AF-18CC4ADF71CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "A88678CE-DB64-4D66-8F2A-3C60058DC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "88009BAC-1ECF-4BA3-855F-96C8789E476E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125216:*:*:*:*:*:*",
"matchCriteriaId": "E64F7B54-6B09-4B7E-B2AB-5EA73FD8E0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125228:*:*:*:*:*:*",
"matchCriteriaId": "2B94DFD2-374C-47A9-9D54-3FDB63197FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "9B0330D9-1276-4228-BA7E-B9E3B828E5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125233:*:*:*:*:*:*",
"matchCriteriaId": "89736956-D05D-437B-BC7A-850AA459C123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125234:*:*:*:*:*:*",
"matchCriteriaId": "63B26424-7292-4F37-B86F-2A4E0AD32B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "2D2629FB-0A83-43CC-8C83-444036D05F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125325:*:*:*:*:*:*",
"matchCriteriaId": "4CFD99D1-CB43-437B-8E7D-6712DA5C9835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125327:*:*:*:*:*:*",
"matchCriteriaId": "6FEBA58F-E5B4-4B91-B78F-620C6EB9D3BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "F9F9D406-FE99-45C0-B1C0-4DEB5E843FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125343:*:*:*:*:*:*",
"matchCriteriaId": "F4B86974-C598-4E1A-9FF0-5AF9638C1AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125345:*:*:*:*:*:*",
"matchCriteriaId": "C2838623-6F3F-417A-A644-FA226CCD8BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125358:*:*:*:*:*:*",
"matchCriteriaId": "454EDD2A-E79A-4D46-B841-BE5EC12C63D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "1557A740-D19D-4220-9B3E-395EFCB86F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125363:*:*:*:*:*:*",
"matchCriteriaId": "9C7DB404-A5C7-4EDB-BCB2-079A41E31428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125378:*:*:*:*:*:*",
"matchCriteriaId": "B738952C-DE7B-4C3D-85B9-ADBEDF007AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125392:*:*:*:*:*:*",
"matchCriteriaId": "897D140C-20FF-454D-8928-B11FFC84C016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "18F93D7C-E8FC-4D4C-AEA0-C1187FB6D9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125417:*:*:*:*:*:*",
"matchCriteriaId": "2E799367-7DC7-478D-948A-17D717507DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125445:*:*:*:*:*:*",
"matchCriteriaId": "74A5591E-75A4-4ACA-9C34-4907D645AA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "0C67D5FC-5965-4AC1-80A5-931BE60B5E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125465:*:*:*:*:*:*",
"matchCriteriaId": "139E25D9-A4C8-4041-ADF7-4618DFEEE8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125469:*:*:*:*:*:*",
"matchCriteriaId": "6A65F3F7-45D3-49EB-9784-1F13FA2CBB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125471:*:*:*:*:*:*",
"matchCriteriaId": "3795D2DE-622F-4C82-B133-0993A01AC1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125475:*:*:*:*:*:*",
"matchCriteriaId": "C0DB9896-BC25-46E3-AA6F-496A442BE525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "CE56A949-74AC-4138-8AD3-31F5763860EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "4A3DB867-FD46-46EB-AEF0-2B6E79371AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "7881FBB4-AC09-4EB9-B02F-3EA19237E095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "F391E432-98B8-4D97-8AD4-FB1A84FAF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "61D908B2-446E-48EC-9F6B-91E8BF0F6A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125565:*:*:*:*:*:*",
"matchCriteriaId": "FD5F28B0-580E-4CD4-917A-496D35AD271A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "F0FC96AA-F2F4-4C35-8BF7-6318A2F624A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125583:*:*:*:*:*:*",
"matchCriteriaId": "6EA008F1-4E47-4753-8506-769B29AB5BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125584:*:*:*:*:*:*",
"matchCriteriaId": "7ED68CDE-1096-4490-8E6B-78F4AC2BB729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125598:*:*:*:*:*:*",
"matchCriteriaId": "34F8D9B7-3BD7-44C0-A292-162928729F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "ADFB3155-72F3-4DFA-BAE1-5725A40E6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125612:*:*:*:*:*:*",
"matchCriteriaId": "7446678C-E2DB-4EA2-BC9B-430C8EC7804B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "33C57314-5503-48BD-9ED2-D76517C9C0F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125617:*:*:*:*:*:*",
"matchCriteriaId": "AC201C68-2C1D-4E75-9443-C5F853A37AB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6628EB7-96F6-48E3-8018-8F569972B811",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "B64ADEEB-502D-4588-BD80-156124437AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127102:*:*:*:*:*:*",
"matchCriteriaId": "2306C5F3-5413-4240-BAB6-E55849063A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127105:*:*:*:*:*:*",
"matchCriteriaId": "87F97A9E-2AB3-4121-B5A7-0AA25780D336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127132:*:*:*:*:*:*",
"matchCriteriaId": "AD049643-9546-4D39-BD26-79661205C110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AEEB49-1C45-4B88-81C1-A1425B7E99A2",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "E73FEA45-5AA3-4C49-91D3-E07A53E34515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "8CA65161-0C0B-45E7-BBEA-FA214DBF964B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9097C0CA-001B-4604-BCDB-ED28AB292CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14303:*:*:*:*:*:*",
"matchCriteriaId": "C7F15A64-F15C-43E4-890A-7FEB0614C6DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "378A2C19-6176-4E95-AB9C-B60A1F1A1E87",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "1E01D48C-A95F-421E-A6FA-D299D6BE02B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*",
"matchCriteriaId": "727BD3A4-F0E1-4656-A640-B32406324707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7002:*:*:*:*:*:*",
"matchCriteriaId": "AC812003-B383-4E52-B9D3-90F4B0633C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7003:*:*:*:*:*:*",
"matchCriteriaId": "E6BE678E-EC68-478F-A4E0-73E032C88167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7004:*:*:*:*:*:*",
"matchCriteriaId": "A5E373E7-9BB3-480F-A685-BAA7A9CD1BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE99DDEC-EA8D-4E15-A227-30B242611078",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "52843587-34AD-4992-8E68-25CD02E247A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "BC2FC98F-84FF-4C90-BD7C-20A4910BED44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9794CB33-4932-4AA6-AC8C-B9FB6AE233FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14303:*:*:*:*:*:*",
"matchCriteriaId": "3CC0A1C9-2F24-422A-8478-95BDCE1EBE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14304:*:*:*:*:*:*",
"matchCriteriaId": "4E541BD1-3BB8-4807-BDF8-45B0916416D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDF15FF-2561-4139-AC5E-4812584B1B03",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*",
"matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*",
"matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*",
"matchCriteriaId": "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*",
"matchCriteriaId": "59675CC4-8A5C-4668-908C-0886B4B310DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*",
"matchCriteriaId": "45084336-F1DC-4E5B-A45E-506A779985D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*",
"matchCriteriaId": "1B2CC071-5BB3-4A25-88F2-DBC56B94D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*",
"matchCriteriaId": "E6FDF373-4711-4B72-A14E-CEB19301C40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*",
"matchCriteriaId": "0E0F346C-0445-4D38-8583-3379962B540F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4308:*:*:*:*:*:*",
"matchCriteriaId": "18B78BDC-0EAA-4781-8D62-01E47AA3BF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4309:*:*:*:*:*:*",
"matchCriteriaId": "A9EE7E99-B428-41EF-A693-7A316F695160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4707D700-23C4-4BBD-9683-4E6D59989127",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "13A9F940-083E-451E-A330-877D67F617BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9FE925DF-55E6-4E7F-B5CD-F5ED097BBBC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14303:*:*:*:*:*:*",
"matchCriteriaId": "0031CF5C-78FE-4CB0-97CE-087C10A77EB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1478BFC3-A0B2-415B-BA1C-AA09D9451C93",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41B34AA8-294A-48A9-8579-44EB7EE192F3",
"versionEndExcluding": "12.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en varios productos ManageEngine que puede provocar la exposici\u00f3n de claves de cifrado. Un usuario de sistema operativo con pocos privilegios y acceso al host donde est\u00e1 instalado un producto ManageEngine afectado puede ver y utilizar la clave expuesta para descifrar las contrase\u00f1as de la base de datos del producto. Esto permite al usuario acceder a la base de datos del producto ManageEngine."
}
],
"id": "CVE-2023-6105",
"lastModified": "2025-02-13T18:16:03.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-15T21:15:08.490",
"references": [
{
"source": "vulnreport@tenable.com",
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2023-35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2023-35"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}