Vulnerabilites related to zohocorp - manageengine_eventlog_analyzer
cve-2017-11686
Vulnerability from cvelistv5
Published
2017-07-27 06:00
Modified
2024-08-05 18:19
Severity ?
EPSS score ?
Summary
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://init6.me/exploiting-manageengine-eventlog-analyzer.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user\u0027s password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-27T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user\u0027s password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html",
"refsource": "MISC",
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11686",
"datePublished": "2017-07-27T06:00:00",
"dateReserved": "2017-07-26T00:00:00",
"dateUpdated": "2024-08-05T18:19:38.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6038
Vulnerability from cvelistv5
Published
2020-01-13 12:42
Modified
2024-08-06 12:03
Severity ?
EPSS score ?
Summary
Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/70959 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98540 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2014/Nov/12 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70959"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T13:34:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/70959"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html"
},
{
"name": "http://www.securityfocus.com/bid/70959",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/70959"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540"
},
{
"name": "http://seclists.org/fulldisclosure/2014/Nov/12",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6038",
"datePublished": "2020-01-13T12:42:47",
"dateReserved": "2014-09-01T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6039
Vulnerability from cvelistv5
Published
2020-01-13 12:47
Modified
2024-08-06 12:03
Severity ?
EPSS score ?
Summary
ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2014/Nov/12 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/70960 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98539 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70960"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T13:31:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/70960"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html"
},
{
"name": "http://seclists.org/fulldisclosure/2014/Nov/12",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/12"
},
{
"name": "http://www.securityfocus.com/bid/70960",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/70960"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6039",
"datePublished": "2020-01-13T12:47:13",
"dateReserved": "2014-09-01T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-5103
Vulnerability from cvelistv5
Published
2014-07-25 19:00
Modified
2024-08-06 11:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/532856/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/127568/EventLog-Analyzer-9.0-Build-9000-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/68854 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140722 Cross-site Scripting in EventLog Analyzer 9.0 build #9000",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532856/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127568/EventLog-Analyzer-9.0-Build-9000-Cross-Site-Scripting.html"
},
{
"name": "68854",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T13:23:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140722 Cross-site Scripting in EventLog Analyzer 9.0 build #9000",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532856/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127568/EventLog-Analyzer-9.0-Build-9000-Cross-Site-Scripting.html"
},
{
"name": "68854",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68854"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140722 Cross-site Scripting in EventLog Analyzer 9.0 build #9000",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532856/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/127568/EventLog-Analyzer-9.0-Build-9000-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127568/EventLog-Analyzer-9.0-Build-9000-Cross-Site-Scripting.html"
},
{
"name": "68854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68854"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5103",
"datePublished": "2014-07-25T19:00:00",
"dateReserved": "2014-07-25T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35785
Vulnerability from cvelistv5
Published
2023-08-28 00:00
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:56:34.893304",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35785",
"datePublished": "2023-08-28T00:00:00",
"dateReserved": "2023-06-16T00:00:00",
"dateUpdated": "2024-08-02T16:30:45.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4930
Vulnerability from cvelistv5
Published
2014-08-29 14:00
Modified
2024-08-06 11:34
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/69420 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2014/Aug/74 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/128012/ManageEngine-EventLog-Analyzer-7-Cross-Site-Scripting.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:36.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69420"
},
{
"name": "20140827 ManageEngine EventLog Analyzer 7 Reflective cross-site scripting Vulnerability [CVE-2014-4930]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/74"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128012/ManageEngine-EventLog-Analyzer-7-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T13:27:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69420"
},
{
"name": "20140827 ManageEngine EventLog Analyzer 7 Reflective cross-site scripting Vulnerability [CVE-2014-4930]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/74"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128012/ManageEngine-EventLog-Analyzer-7-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69420"
},
{
"name": "20140827 ManageEngine EventLog Analyzer 7 Reflective cross-site scripting Vulnerability [CVE-2014-4930]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Aug/74"
},
{
"name": "http://packetstormsecurity.com/files/128012/ManageEngine-EventLog-Analyzer-7-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128012/ManageEngine-EventLog-Analyzer-7-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4930",
"datePublished": "2014-08-29T14:00:00",
"dateReserved": "2014-07-11T00:00:00",
"dateUpdated": "2024-08-06T11:34:36.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7405
Vulnerability from cvelistv5
Published
2018-03-13 19:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pitstop.manageengine.com/portal/community/topic/security-notice | x_refsource_CONFIRM | |
| https://www.manageengine.com/products/eventlog/release-notes.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/security-notice"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/security-notice"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pitstop.manageengine.com/portal/community/topic/security-notice",
"refsource": "CONFIRM",
"url": "https://pitstop.manageengine.com/portal/community/topic/security-notice"
},
{
"name": "https://www.manageengine.com/products/eventlog/release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7405",
"datePublished": "2018-03-13T19:00:00",
"dateReserved": "2018-02-22T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12133
Vulnerability from cvelistv5
Published
2019-06-18 21:27
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html | x_refsource_CONFIRM | |
| https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T18:00:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
},
{
"name": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md",
"refsource": "MISC",
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12133",
"datePublished": "2019-06-18T21:27:25",
"dateReserved": "2019-05-15T00:00:00",
"dateUpdated": "2024-08-04T23:10:30.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10075
Vulnerability from cvelistv5
Published
2018-07-02 16:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/eventlog/release-notes.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-02T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/eventlog/release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10075",
"datePublished": "2018-07-02T16:00:00",
"dateReserved": "2018-04-12T00:00:00",
"dateUpdated": "2024-08-05T07:32:00.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8721
Vulnerability from cvelistv5
Published
2018-03-15 04:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/103424 | vdb-entry, x_refsource_BID | |
| https://pitstop.manageengine.com/portal/community/topic/manageengine-eventlog-analyzer-11-0-build-11000-stored-cross-site-scripting-attack | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103424",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103424"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/manageengine-eventlog-analyzer-11-0-build-11000-stored-cross-site-scripting-attack"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm\u0026tab=alert\u0026alert=profile URI and the Edit Alert Profile screen"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "103424",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103424"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/manageengine-eventlog-analyzer-11-0-build-11000-stored-cross-site-scripting-attack"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm\u0026tab=alert\u0026alert=profile URI and the Edit Alert Profile screen"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103424",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103424"
},
{
"name": "https://pitstop.manageengine.com/portal/community/topic/manageengine-eventlog-analyzer-11-0-build-11000-stored-cross-site-scripting-attack",
"refsource": "CONFIRM",
"url": "https://pitstop.manageengine.com/portal/community/topic/manageengine-eventlog-analyzer-11-0-build-11000-stored-cross-site-scripting-attack"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8721",
"datePublished": "2018-03-15T04:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T07:02:25.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24786
Vulnerability from cvelistv5
Published
2020-08-31 14:02
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T14:02:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/data-security/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"name": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5",
"refsource": "MISC",
"url": "https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"name": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"name": "https://www.manageengine.com/products/eventlog/features-new.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24786",
"datePublished": "2020-08-31T14:02:05",
"dateReserved": "2020-08-28T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7387
Vulnerability from cvelistv5
Published
2015-09-28 15:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/38173/ | exploit, x_refsource_EXPLOIT-DB | |
| http://seclists.org/fulldisclosure/2015/Sep/59 | mailing-list, x_refsource_FULLDISC | |
| https://www.exploit-db.com/exploits/38352/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html | x_refsource_MISC | |
| http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38173",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38173/"
},
{
"name": "20150915 ManageEngine EventLog Analyzer SQL query execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/59"
},
{
"name": "38352",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38352/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \"SELECT 1;INSERT INTO.\" Fixed in Build 11200."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:39:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38173",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38173/"
},
{
"name": "20150915 ManageEngine EventLog Analyzer SQL query execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/59"
},
{
"name": "38352",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38352/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \"SELECT 1;INSERT INTO.\" Fixed in Build 11200."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38173",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38173/"
},
{
"name": "20150915 ManageEngine EventLog Analyzer SQL query execution",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/59"
},
{
"name": "38352",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38352/"
},
{
"name": "http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7387",
"datePublished": "2015-09-28T15:00:00",
"dateReserved": "2015-09-28T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10076
Vulnerability from cvelistv5
Published
2018-07-02 16:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/eventlog/release-notes.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-02T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/eventlog/release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10076",
"datePublished": "2018-07-02T16:00:00",
"dateReserved": "2018-04-12T00:00:00",
"dateUpdated": "2024-08-05T07:32:00.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28959
Vulnerability from cvelistv5
Published
2021-04-30 12:16
Modified
2024-08-03 21:55
Severity ?
EPSS score ?
Summary
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/eventlog/features-new.html#release | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html#release"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T12:16:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html#release"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/eventlog/features-new.html#release",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/eventlog/features-new.html#release"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28959",
"datePublished": "2021-04-30T12:16:42",
"dateReserved": "2021-03-21T00:00:00",
"dateUpdated": "2024-08-03T21:55:12.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6043
Vulnerability from cvelistv5
Published
2014-09-11 15:00
Modified
2024-08-06 12:03
Severity ?
EPSS score ?
Summary
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/34519 | exploit, x_refsource_EXPLOIT-DB | |
| http://seclists.org/fulldisclosure/2014/Aug/86 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/fulldisclosure/2014/Sep/19 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/69482 | vdb-entry, x_refsource_BID | |
| https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html"
},
{
"name": "34519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34519"
},
{
"name": "20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/86"
},
{
"name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/19"
},
{
"name": "69482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69482"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:48:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html"
},
{
"name": "34519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34519"
},
{
"name": "20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/86"
},
{
"name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/19"
},
{
"name": "69482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69482"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html"
},
{
"name": "34519",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34519"
},
{
"name": "20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Aug/86"
},
{
"name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/19"
},
{
"name": "69482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69482"
},
{
"name": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt",
"refsource": "MISC",
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6043",
"datePublished": "2014-09-11T15:00:00",
"dateReserved": "2014-09-01T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19774
Vulnerability from cvelistv5
Published
2019-12-13 18:00
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html#release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156485/ManageEngine-EventLog-Analyzer-10.0-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running \"select hostdetails from hostdetails\" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-24T10:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html#release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156485/ManageEngine-EventLog-Analyzer-10.0-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running \"select hostdetails from hostdetails\" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/eventlog/features-new.html#release",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/eventlog/features-new.html#release"
},
{
"name": "https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39",
"refsource": "MISC",
"url": "https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39"
},
{
"name": "http://packetstormsecurity.com/files/156485/ManageEngine-EventLog-Analyzer-10.0-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156485/ManageEngine-EventLog-Analyzer-10.0-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19774",
"datePublished": "2019-12-13T18:00:22",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11685
Vulnerability from cvelistv5
Published
2017-07-27 06:00
Modified
2024-08-05 18:19
Severity ?
EPSS score ?
Summary
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://init6.me/exploiting-manageengine-eventlog-analyzer.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:37.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-27T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html",
"refsource": "MISC",
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11685",
"datePublished": "2017-07-27T06:00:00",
"dateReserved": "2017-07-26T00:00:00",
"dateUpdated": "2024-08-05T18:19:37.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6037
Vulnerability from cvelistv5
Published
2014-10-26 19:00
Modified
2024-08-06 12:03
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/34519 | exploit, x_refsource_EXPLOIT-DB | |
| http://seclists.org/fulldisclosure/2014/Aug/86 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/fulldisclosure/2014/Sep/1 | mailing-list, x_refsource_FULLDISC | |
| https://github.com/rapid7/metasploit-framework/pull/3732 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2014/Sep/19 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/69482 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2014/Sep/20 | mailing-list, x_refsource_FULLDISC | |
| https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt | x_refsource_MISC | |
| http://osvdb.org/show/osvdb/110642 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html"
},
{
"name": "34519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34519"
},
{
"name": "20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/86"
},
{
"name": "20140901 [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/3732"
},
{
"name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/19"
},
{
"name": "69482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69482"
},
{
"name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt"
},
{
"name": "110642",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/110642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T13:17:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html"
},
{
"name": "34519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34519"
},
{
"name": "20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/86"
},
{
"name": "20140901 [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/3732"
},
{
"name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/19"
},
{
"name": "69482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69482"
},
{
"name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt"
},
{
"name": "110642",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/110642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html"
},
{
"name": "34519",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34519"
},
{
"name": "20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Aug/86"
},
{
"name": "20140901 [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/1"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/3732",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/3732"
},
{
"name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/19"
},
{
"name": "69482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69482"
},
{
"name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/20"
},
{
"name": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt",
"refsource": "MISC",
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt"
},
{
"name": "110642",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/110642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6037",
"datePublished": "2014-10-26T19:00:00",
"dateReserved": "2014-09-01T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11687
Vulnerability from cvelistv5
Published
2017-07-27 06:00
Modified
2024-08-05 18:19
Severity ?
EPSS score ?
Summary
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
References
| ▼ | URL | Tags |
|---|---|---|
| http://init6.me/exploiting-manageengine-eventlog-analyzer.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:37.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-27T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html",
"refsource": "MISC",
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11687",
"datePublished": "2017-07-27T06:00:00",
"dateReserved": "2017-07-26T00:00:00",
"dateUpdated": "2024-08-05T18:19:37.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-07-02 16:29
Modified
2024-11-21 03:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/eventlog/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/eventlog/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | 11.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8A4FF2-E41D-4B7E-B374-482783F38FD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en Zoho ManageEngine EventLog Analyzer 11.12 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante la caracter\u00edstica de importaci\u00f3n de logs."
}
],
"id": "CVE-2018-10075",
"lastModified": "2024-11-21T03:40:46.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-02T16:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-11 15:55
Modified
2024-11-21 02:13
Severity ?
Summary
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | 8.2 | |
| zohocorp | manageengine_eventlog_analyzer | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.2:8020:*:*:*:*:*:*",
"matchCriteriaId": "D436DFEC-7A1C-4BB0-9914-CCA0CCBD3158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:9.0:9002:*:*:*:*:*:*",
"matchCriteriaId": "0399B4E3-7616-4E81-A42F-E6B31F042CAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000."
},
{
"lang": "es",
"value": "ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 y 8.2 build 8020 no restringe correctamente el acceso al navegador de la base de datos, lo que permite a los usuarios autenticados remotos obtener acceso a la base de datos a trav\u00e9s de una solicitud directa a event / runQuery.do. Corregido en Build 10000."
}
],
"id": "CVE-2014-6043",
"lastModified": "2024-11-21T02:13:40.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-11T15:55:05.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/86"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/19"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/34519"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/69482"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/34519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/69482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-02 16:29
Modified
2024-11-21 03:40
Severity ?
Summary
An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/eventlog/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/eventlog/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | 11.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8A4FF2-E41D-4B7E-B374-482783F38FD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard)."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Zoho ManageEngine EventLog Analyzer 11.12. Una vulnerabilidad de Cross-Site Scripting (XSS) permite que un atacante remoto inyecte scripts web o HTML arbitrarios mediante la funcionalidad de b\u00fasqueda (el cuadro de b\u00fasqueda del Dashboard)."
}
],
"id": "CVE-2018-10076",
"lastModified": "2024-11-21T03:40:46.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-02T16:29:00.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-25 19:55
Modified
2024-11-21 02:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:9.0:9000:*:*:*:*:*:*",
"matchCriteriaId": "9ECAA6D6-DFD4-47A3-8DE5-927BF20A758B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000."
},
{
"lang": "es",
"value": "La vulnerabilidad de secuencias Cross-site scripting (XSS) en ZOHO ManageEngine EventLog Analyzer 9 build 9000 permite a los atacantes remotos inyectar secuencias de comandos web arbitrarias o HTML a trav\u00e9s del par\u00e1metro j_username en event / j_security_check. Corregido en la Versi\u00f3n 10 Build 10000."
}
],
"id": "CVE-2014-5103",
"lastModified": "2024-11-21T02:11:25.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-25T19:55:07.097",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/127568/EventLog-Analyzer-9.0-Build-9000-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532856/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/68854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/127568/EventLog-Analyzer-9.0-Build-9000-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532856/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68854"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-13 19:29
Modified
2024-11-21 04:12
Severity ?
Summary
Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pitstop.manageengine.com/portal/community/topic/security-notice | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/eventlog/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/community/topic/security-notice | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/eventlog/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58016FE8-CB84-4C0A-BE66-F985B6038C19",
"versionEndExcluding": "11.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en versiones anteriores a la 11.12 Build 11120 de Zoho ManageEngine EventLog Analyzer permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados."
}
],
"id": "CVE-2018-7405",
"lastModified": "2024-11-21T04:12:05.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-13T19:29:00.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/security-notice"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/security-notice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-15 04:29
Modified
2024-11-21 04:14
Severity ?
Summary
Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/103424 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/community/topic/manageengine-eventlog-analyzer-11-0-build-11000-stored-cross-site-scripting-attack | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103424 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/community/topic/manageengine-eventlog-analyzer-11-0-build-11000-stored-cross-site-scripting-attack | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5086107D-0741-4EC8-8A8F-0AF3E895D35B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm\u0026tab=alert\u0026alert=profile URI and the Edit Alert Profile screen"
},
{
"lang": "es",
"value": "Zoho ManageEngine EventLog Analyzer, en su versi\u00f3n 11.0 build 11000, tiene Cross-Site Scripting (XSS) persistente relacionado con la URI index2.do?url=editAlertFormtab=alertalert=profile y la pantalla Edit Alert Profile."
}
],
"id": "CVE-2018-8721",
"lastModified": "2024-11-21T04:14:12.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-15T04:29:00.400",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103424"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/manageengine-eventlog-analyzer-11-0-build-11000-stored-cross-site-scripting-attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://pitstop.manageengine.com/portal/community/topic/manageengine-eventlog-analyzer-11-0-build-11000-stored-cross-site-scripting-attack"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-27 06:29
Modified
2024-11-21 03:08
Severity ?
Summary
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://init6.me/exploiting-manageengine-eventlog-analyzer.html | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://init6.me/exploiting-manageengine-eventlog-analyzer.html | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | 11.4 | |
| zohocorp | manageengine_eventlog_analyzer | 11.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2001AC-0699-40AC-AD32-7DD526A31574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542CF2AD-EC7E-4D05-B70D-D5934ABE6A49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user\u0027s password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method."
},
{
"lang": "es",
"value": "Zoho ManageEngine Event Log Analyzer versiones 11.4 y 11.5, permite a los atacantes remotos obtener la contrase\u00f1a de un usuario autenticado por medio de vulnerabilidades XSS o espiando el tr\u00e1fico no SSL en la red, porque la contrase\u00f1a se representa en una cookie con un m\u00e9todo de codificaci\u00f3n reversible."
}
],
"id": "CVE-2017-11686",
"lastModified": "2024-11-21T03:08:18.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-27T06:29:00.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-27 06:29
Modified
2024-11-21 03:08
Severity ?
Summary
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://init6.me/exploiting-manageengine-eventlog-analyzer.html | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://init6.me/exploiting-manageengine-eventlog-analyzer.html | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | 11.4 | |
| zohocorp | manageengine_eventlog_analyzer | 11.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2001AC-0699-40AC-AD32-7DD526A31574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542CF2AD-EC7E-4D05-B70D-D5934ABE6A49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) reflexivo en la b\u00fasqueda y visualizaci\u00f3n de datos de eventos en Zoho ManageEngine Event Log Analyzer versiones 11.4 y 11.5, permiten a los atacantes remotos inyectar scripts web o HTML arbitrarios, como es demostrado por el par\u00e1metro fName."
}
],
"id": "CVE-2017-11685",
"lastModified": "2024-11-21T03:08:18.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-27T06:29:00.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 05:16
Severity ?
Summary
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7380E0EF-684C-487E-B343-672248D8642E",
"versionEndIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "09718DA2-31D3-4CC3-B95D-6A8BE6233700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*",
"matchCriteriaId": "A217F6ED-BC7F-46B7-9D43-D75A3D416322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*",
"matchCriteriaId": "562397B8-DF54-4585-81B4-3F89816CC8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*",
"matchCriteriaId": "319E6B84-4D6C-45D2-BF5A-8461202C4463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*",
"matchCriteriaId": "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*",
"matchCriteriaId": "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*",
"matchCriteriaId": "94E70435-5332-48F3-9602-FCA1EFB617BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*",
"matchCriteriaId": "AC040DA3-91BB-41CD-ADE3-D2AA0537516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*",
"matchCriteriaId": "8E71EE09-F2D6-4981-A962-14DAC49A9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*",
"matchCriteriaId": "4709685D-CCF0-4444-99B8-4DC6E3D53A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*",
"matchCriteriaId": "13599F95-25B2-4C21-8174-DA966A49249B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*",
"matchCriteriaId": "D2CB6693-492A-4607-9D9C-15C746E12864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*",
"matchCriteriaId": "35238419-A73A-4333-9F3D-481FAA1D167C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*",
"matchCriteriaId": "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*",
"matchCriteriaId": "4E0B4F11-A1E8-4D21-9707-8639A3040840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*",
"matchCriteriaId": "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*",
"matchCriteriaId": "7F229F49-EA44-4D0A-855B-FC586CE8CFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*",
"matchCriteriaId": "07AED2F0-F527-4B4A-82FC-F571899F3738",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB7B1B9-633E-4866-B236-94888342ACD1",
"versionEndIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "1A55E1C9-DCFE-49E7-A9A3-E3A5ECBEE4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E8C30A5E-33C7-4EB3-9FB4-D5AECD9A5C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "B7085438-77E4-4B12-A885-F2294CF9B318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "7821DCD0-30DB-4520-B174-0E51CB07E12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "4666EEFD-5F91-4F1D-BB15-736A984ABA27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCCD7A9D-B1BC-4CE8-9E5D-8795674BB1AA",
"versionEndIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4200:*:*:*:*:*:*",
"matchCriteriaId": "14116D8A-9798-4EF2-9652-286D4CBDAADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4201:*:*:*:*:*:*",
"matchCriteriaId": "DAC56F69-9894-4236-9E4E-412403204E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4202:*:*:*:*:*:*",
"matchCriteriaId": "6B180386-1930-4EC2-9AF8-21F375E74BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4203:*:*:*:*:*:*",
"matchCriteriaId": "91787EC1-3053-4784-B985-FC09F368CB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4204:*:*:*:*:*:*",
"matchCriteriaId": "B270FDB7-A2E2-4D77-9E68-17E57ED41B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4205:*:*:*:*:*:*",
"matchCriteriaId": "06621A53-3A32-4691-A02A-417A9DBCB9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4206:*:*:*:*:*:*",
"matchCriteriaId": "E32D414E-ADEB-4FE3-8114-815A744DBF76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4207:*:*:*:*:*:*",
"matchCriteriaId": "E2A124B0-CAC1-4D17-98FF-DF479F404283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4208:*:*:*:*:*:*",
"matchCriteriaId": "BED5824C-9A62-4A9E-A440-3368D709674B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4209:*:*:*:*:*:*",
"matchCriteriaId": "F36F3D07-F9E3-4CF1-8BD3-73F58B18D35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4210:*:*:*:*:*:*",
"matchCriteriaId": "357AB232-A834-4899-950D-53E0690726A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4212:*:*:*:*:*:*",
"matchCriteriaId": "680C0265-E4DF-4275-8B0C-EBD9E7B5B798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4213:*:*:*:*:*:*",
"matchCriteriaId": "27CA1268-5D13-445A-985B-AE8F5494F61C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4214:*:*:*:*:*:*",
"matchCriteriaId": "2112361C-8F57-40E6-B665-FA8D585FA933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4215:*:*:*:*:*:*",
"matchCriteriaId": "A4E777D1-9414-439C-9309-7C89192905A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4216:*:*:*:*:*:*",
"matchCriteriaId": "FDCD0C9A-0287-4BAA-97C1-CCA96212A8A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4217:*:*:*:*:*:*",
"matchCriteriaId": "27D917BB-D64D-4E16-B5E2-485EE127A310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4219:*:*:*:*:*:*",
"matchCriteriaId": "CD0D83CD-3F8B-41A5-8110-2207FC202529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4220:*:*:*:*:*:*",
"matchCriteriaId": "E7569882-9E12-4ED8-9F54-AC1F0C9EC50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4222:*:*:*:*:*:*",
"matchCriteriaId": "F15A754D-A668-42C8-9E37-7A3364BE129B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4223:*:*:*:*:*:*",
"matchCriteriaId": "086FDB61-78D3-4540-B2AC-42DF1D41ABA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4224:*:*:*:*:*:*",
"matchCriteriaId": "6F9285FB-23E4-438E-8081-D0589A8727C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4225:*:*:*:*:*:*",
"matchCriteriaId": "A4E0D81C-36B3-4638-BB0E-18023D13DA97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4227:*:*:*:*:*:*",
"matchCriteriaId": "5B1F3742-3B1A-43DC-8CD7-547A4EB436E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3ADF4BC-41C3-483D-A24F-52F5D8D90E02",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "D88BAE7C-AE20-4B66-8380-93CFF7E716F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "A2EA6313-C2FC-45B5-92E6-4239B4E41E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "B6BAA7AF-E61E-40FB-ADA5-CDC51508A848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "9F96ED00-5DBE-4909-90DF-F4CDB4946ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6010:*:*:*:*:*:*",
"matchCriteriaId": "4CCFDC58-067A-420F-924B-9BFC342411D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6011:*:*:*:*:*:*",
"matchCriteriaId": "3C532BCE-429E-403D-9D44-9E3B8FD35C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6012:*:*:*:*:*:*",
"matchCriteriaId": "7286F2C9-FB52-4524-8293-81B36E9E8534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6013:*:*:*:*:*:*",
"matchCriteriaId": "E70A8EC5-1046-42E8-99DC-D564B66BA987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6020:*:*:*:*:*:*",
"matchCriteriaId": "A6BF11B6-4616-49DC-B7D0-0165691D7ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6021:*:*:*:*:*:*",
"matchCriteriaId": "32FCBB8F-35F2-4A3C-8F04-39AEAAB76BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6030:*:*:*:*:*:*",
"matchCriteriaId": "75F07512-4B8D-492C-A59A-E2E75713241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6031:*:*:*:*:*:*",
"matchCriteriaId": "1750C0CC-B017-44DF-95F2-628125E416FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6032:*:*:*:*:*:*",
"matchCriteriaId": "B0D5FC87-6BD7-4056-8879-7BAF28BB69C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19FFF0-464F-4BAA-BD8F-5A8296EAC724",
"versionEndIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "58739BDC-8741-4904-96C4-5E075FF87676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "69C40DE9-1849-437B-8C48-BB5ACD104CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6005:*:*:*:*:*:*",
"matchCriteriaId": "5792AAA4-6E32-48F6-BAF9-91AE9CE468D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6011:*:*:*:*:*:*",
"matchCriteriaId": "BB623771-BA56-4684-85E1-941A5EF0624A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6016:*:*:*:*:*:*",
"matchCriteriaId": "9CCF0FA4-0326-405B-94F2-513E0FAA6FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "789DE939-8305-4684-B19C-29F5A26E25A6",
"versionEndIncluding": "12.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12130:*:*:*:*:*:*",
"matchCriteriaId": "04E5575C-A204-4A46-ACDB-7A2837B2A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12135:*:*:*:*:*:*",
"matchCriteriaId": "22C76170-BE8E-40D7-9AA0-349EBB9DC718",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "350B9823-6421-4817-A9BA-B138918ADEDB",
"versionEndIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "053FB8DD-94D7-438A-8802-8ECF8B79FCA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "616D32A3-B19A-4C05-BF43-4AEB7573BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "28FF33D3-81DE-4849-8EA9-4C396D775892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "A6BE7AA0-F201-4F29-BE11-983CAE5BE103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6010:*:*:*:*:*:*",
"matchCriteriaId": "64339FF6-3563-41B2-8B61-A9DF076069C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6030:*:*:*:*:*:*",
"matchCriteriaId": "AD025538-8C73-4648-9C77-25E49FF77A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6031:*:*:*:*:*:*",
"matchCriteriaId": "FB3C81C0-1234-4CAA-8FB1-833FB2EF4872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6032:*:*:*:*:*:*",
"matchCriteriaId": "A5E6D12F-C642-4001-A838-65DDA3F94D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6033:*:*:*:*:*:*",
"matchCriteriaId": "32435B99-81DD-4AEC-ABBF-DEAFAB00CC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6050:*:*:*:*:*:*",
"matchCriteriaId": "37CDC611-B94C-483C-9C4C-5BCFA6CAB7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6052:*:*:*:*:*:*",
"matchCriteriaId": "A75E3D4D-5596-4E93-8541-F183AF105231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45EEAE93-0898-4FD8-9A31-FE2D5AAD3E79",
"versionEndIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1312ABF3-93FA-46E7-BF3C-61B1A0E7BA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4301:*:*:*:*:*:*",
"matchCriteriaId": "6912B88D-23D4-4E1E-98B8-60A60314A516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "7392FEE2-8102-4125-8927-4356732ED167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "0A9867BA-BAD0-482E-AC6B-CFDC9BF19AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "B20578E3-8995-4062-9FBF-85B76945B6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "96471B59-E195-4FF4-A36C-C4248F970817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "DAD74918-D60A-427A-B46B-979F3D0870A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "91731443-F449-457A-B8BD-017726596714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "C923DAAE-1C60-4A50-800D-422098A143FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4310:*:*:*:*:*:*",
"matchCriteriaId": "F820E8A0-981A-4C68-AFBF-D263B627F4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4311:*:*:*:*:*:*",
"matchCriteriaId": "84F1A956-19D1-47D3-AEF4-0117A25A1DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4312:*:*:*:*:*:*",
"matchCriteriaId": "2AE25043-4F64-4B5E-8B9F-B0793FE4834F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4316:*:*:*:*:*:*",
"matchCriteriaId": "2D5849AA-9DD2-4836-9F78-0CFB917A8398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4317:*:*:*:*:*:*",
"matchCriteriaId": "777FFDDC-EA8A-45C5-963A-8982C7FA9D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4318:*:*:*:*:*:*",
"matchCriteriaId": "61658169-04C4-45A5-B6F9-31EABDFC7026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4319:*:*:*:*:*:*",
"matchCriteriaId": "0439F4CA-5831-444F-9403-91B08D55CE37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4320:*:*:*:*:*:*",
"matchCriteriaId": "CCE01DB3-1C25-4A0A-86A2-48052A01F21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4321:*:*:*:*:*:*",
"matchCriteriaId": "20CF3B2A-E1DA-472C-9E5B-7729F5A9B72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4322:*:*:*:*:*:*",
"matchCriteriaId": "EF5CADAA-EE4B-45FE-8B31-910EB2F9A457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4324:*:*:*:*:*:*",
"matchCriteriaId": "317936F9-5856-4C05-96B0-06B286002C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4325:*:*:*:*:*:*",
"matchCriteriaId": "7A6A9E35-0AE0-41EC-95BD-6DA045B670C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4327:*:*:*:*:*:*",
"matchCriteriaId": "02E7A3A5-B101-450A-B048-580535ACD150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4328:*:*:*:*:*:*",
"matchCriteriaId": "A7804A96-2937-46EE-BCCE-7C19D3A0BF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4329:*:*:*:*:*:*",
"matchCriteriaId": "92CF2307-5CE0-44C6-BBAB-9974879426D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4330:*:*:*:*:*:*",
"matchCriteriaId": "A8D1D36D-990A-426E-9DA6-8506DA235FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4331:*:*:*:*:*:*",
"matchCriteriaId": "9210E989-CEBE-430A-ABF1-30DFC3B81CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4332:*:*:*:*:*:*",
"matchCriteriaId": "AD45843D-AB8F-4CFF-8EDA-3A1AEB9C3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4333:*:*:*:*:*:*",
"matchCriteriaId": "81549C4B-1B64-4E4F-91D2-25EA86BB2859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4334:*:*:*:*:*:*",
"matchCriteriaId": "56201D6A-2330-41D0-B38D-9D4A21D6CF20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D116EAD-FC10-4B20-88C1-356C9EE0F8D7",
"versionEndIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF66EAF9-40F8-4C96-B521-58EFEFFEA2C6",
"versionEndIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "4DE6724F-80AA-4B3E-8CF1-1158F6C98AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7010:*:*:*:*:*:*",
"matchCriteriaId": "A4D9B6E0-47A7-48D1-AF6A-A8512475ABD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7011:*:*:*:*:*:*",
"matchCriteriaId": "FFD7E625-FAA2-4452-9E18-5E4A61A93FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7020:*:*:*:*:*:*",
"matchCriteriaId": "8504DAE3-6CD9-4640-9EB1-CB304DB79BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7030:*:*:*:*:*:*",
"matchCriteriaId": "F42110FC-D21E-439E-BB8C-45C03F639CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7040:*:*:*:*:*:*",
"matchCriteriaId": "612E5D11-83D1-4E80-B7A4-57F61690DFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7041:*:*:*:*:*:*",
"matchCriteriaId": "C89C31C7-3196-47CD-9A9D-0761CEEB04E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "821C24DA-1C22-43ED-AD67-E947D323A3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "FAFEF7B6-4B56-42C8-958B-E0B677F5D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "43CEBA06-F115-41E9-8B3E-C004528340A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "E398D48C-AD94-4E84-9E3A-28A8586B3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "3D042A11-638F-4485-A753-ACF2BE92D900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B0E2FA-186D-48D7-89AE-461224CA7242",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4F222A9E-12E7-45E6-BF7D-61D60FCF1787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "E5EBBD07-EB06-407C-8BFE-139A7F37D129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4408F07A-E77E-4F74-B951-E90D0AD0FC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "44454167-93A9-4109-A137-0DBF56B870E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "9F95F165-5E41-4F44-A049-1B67F045A3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "EF50B0BD-244E-4445-A119-7165829BEA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5120:*:*:*:*:*:*",
"matchCriteriaId": "0A509BA6-9E79-4250-B412-2CCE2EF20031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5150:*:*:*:*:*:*",
"matchCriteriaId": "CA676B42-6E42-4A5C-986E-C06A4F97500A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5154:*:*:*:*:*:*",
"matchCriteriaId": "CA8D9B25-9BB1-427A-8C07-FB40638218E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5155:*:*:*:*:*:*",
"matchCriteriaId": "B1660FC6-4E59-4F1B-ABAB-51E7CD31B3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5160:*:*:*:*:*:*",
"matchCriteriaId": "994FB926-30C1-4399-BE7E-1989375382FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5164:*:*:*:*:*:*",
"matchCriteriaId": "38C88C6C-A399-4B3F-A3DE-8410B68C9C2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Zoho ManageEngine Exchange Reporter Plus antes del n\u00famero de compilaci\u00f3n 5510, AD360 antes del n\u00famero de compilaci\u00f3n 4228, ADSelfService Plus antes del n\u00famero de compilaci\u00f3n 5817, DataSecurity Plus antes del n\u00famero de compilaci\u00f3n 6033, RecoverManager Plus antes del n\u00famero de compilaci\u00f3n 6017, EventLog Analyzer antes del n\u00famero de compilaci\u00f3n 12136, ADAudit Adem\u00e1s, antes del n\u00famero de compilaci\u00f3n 6052, O365 Manager Plus antes del n\u00famero de compilaci\u00f3n 4334, Cloud Security Plus antes del n\u00famero de compilaci\u00f3n 4110, ADManager Plus antes del n\u00famero de compilaci\u00f3n 7055 y Log360 antes del n\u00famero de compilaci\u00f3n 5166. El servlet de Java com.manageengine.ads.fw.servlet.UpdateProductDetails accesible remotamente es propenso a una omisi\u00f3n de autenticaci\u00f3n. Las propiedades de integraci\u00f3n del sistema pueden ser modificadas y conllevar a un compromiso total de la suite de ManageEngine"
}
],
"id": "CVE-2020-24786",
"lastModified": "2024-11-21T05:16:04.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-31T15:15:10.870",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-28 20:15
Modified
2024-11-21 08:08
Severity ?
Summary
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1179FC2E-0FCC-4744-85A7-1D68AE742FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "F05F8E9D-1880-4B94-922E-BA61FA112945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "F336B0C2-1F99-4BC7-828B-02E432CB0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "46A96B82-49E1-4392-BDCF-CC9753D67A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "837BF464-6D18-4267-8913-D7937C91789B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "0243CA85-B856-4ED9-BCD0-5EAB182862CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "FB216CD0-B3BD-434D-8FC6-BB60408C128A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4310:*:*:*:*:*:*",
"matchCriteriaId": "9A24DBF5-EBC0-49DB-B253-1098BF1C6180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4312:*:*:*:*:*:*",
"matchCriteriaId": "9E5C2FC4-A020-42C8-958D-603C82E9F0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4313:*:*:*:*:*:*",
"matchCriteriaId": "D94DE7F6-9231-48F5-8B3F-D8D34594CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4314:*:*:*:*:*:*",
"matchCriteriaId": "27C465F6-F7F2-4FBD-B12F-4795EB47842C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4315:*:*:*:*:*:*",
"matchCriteriaId": "27BCB134-B415-481F-BBDB-650F5AD65EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E802FD77-E67A-438C-82CE-9FC7536FB14E",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "237AA2F5-B9A3-4C40-92AC-61FE47A017BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "4C23A64C-65CB-447B-9B5F-4BB22F68FC79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*",
"matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*",
"matchCriteriaId": "03A34ED3-EC89-4BE3-8A99-A5727A154672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*",
"matchCriteriaId": "4E84EF2B-37A5-4499-8C16-877E8AB8A731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*",
"matchCriteriaId": "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*",
"matchCriteriaId": "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*",
"matchCriteriaId": "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*",
"matchCriteriaId": "356CA7C7-993F-4D5D-9FAB-9E5475878D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6989:*:*:*:*:*:*",
"matchCriteriaId": "82F1AAC1-E49B-4580-9569-AD9B1E649A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6990:*:*:*:*:*:*",
"matchCriteriaId": "D971F57C-820C-4391-A15C-80A4901BC358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6991:*:*:*:*:*:*",
"matchCriteriaId": "3EAA3D29-2763-4201-9471-A0874727F40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6992:*:*:*:*:*:*",
"matchCriteriaId": "B632C001-CE54-4C22-AB99-7919D8902FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6993:*:*:*:*:*:*",
"matchCriteriaId": "648277D7-3CDD-455B-95D3-CBD9A3A82C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "1E01D48C-A95F-421E-A6FA-D299D6BE02B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*",
"matchCriteriaId": "727BD3A4-F0E1-4656-A640-B32406324707",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F",
"versionEndExcluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*",
"matchCriteriaId": "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*",
"matchCriteriaId": "99C928C2-4711-4765-BDF2-E7FB448F5771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*",
"matchCriteriaId": "EDF77387-21C7-45CA-B843-EBA956EE2BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*",
"matchCriteriaId": "5C2C0067-538B-4102-8B4E-603BD4CE8F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*",
"matchCriteriaId": "DAF47C10-AAE9-40CF-A033-44D54A81E69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*",
"matchCriteriaId": "36D0331C-58EA-4B68-88C4-7A193BE5C62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*",
"matchCriteriaId": "3CA59781-E48C-487E-B3AF-96560F3152EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*",
"matchCriteriaId": "E4812B9E-15CA-4700-9115-EAE0A97F0E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*",
"matchCriteriaId": "CE513A2B-0371-4D3C-A502-CDA3DB474F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*",
"matchCriteriaId": "5E498ACE-8332-4824-9AFE-73975D0AC9EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*",
"matchCriteriaId": "F070B928-CF57-4502-BE26-AD3F13A6ED4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*",
"matchCriteriaId": "635D24F2-9C60-4E1A-BD5F-E5312FA953A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*",
"matchCriteriaId": "5E983854-36F8-407F-95C8-E386E0F82366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*",
"matchCriteriaId": "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*",
"matchCriteriaId": "7820751F-E181-4BB7-8DAF-BF21129B24D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*",
"matchCriteriaId": "14ADB666-EEB9-4C6D-93F4-5A45EBA55705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*",
"matchCriteriaId": "93C4B398-8F9A-44AC-8E43-C4C471DE9565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*",
"matchCriteriaId": "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*",
"matchCriteriaId": "C7EF76FE-3FD9-4548-A372-22E280484ECB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "C12C9470-3D3B-426E-93F9-79D8B9B25F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "227F1242-E0A9-45C5-9198-FD8D01F68ABF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D262240-1B28-4B7C-B673-C10DD878D912",
"versionEndExcluding": "12.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12300:*:*:*:*:*:*",
"matchCriteriaId": "39F6B49B-8531-4A62-B0D9-C1BCD728D4A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12301:*:*:*:*:*:*",
"matchCriteriaId": "F2769404-4E8A-478C-9328-269E2C334E31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "D3012C17-87F5-4FFD-B67B-BEFF2A390613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "1E33D368-2D81-4C7E-9405-7C0A86E97217",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30B83EF5-BEF1-4636-9B3C-AE41E6010F2C",
"versionEndExcluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5300:*:*:*:*:*:*",
"matchCriteriaId": "CF4D70E8-77A6-4F51-A15B-28299D43B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5301:*:*:*:*:*:*",
"matchCriteriaId": "E03D403B-C904-482E-838C-D6595C5D27FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5302:*:*:*:*:*:*",
"matchCriteriaId": "FFEB1CB7-B9F7-463D-88F8-3A2E86264FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5305:*:*:*:*:*:*",
"matchCriteriaId": "E4B18DCB-4A02-4DE6-9B19-D79299934D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5310:*:*:*:*:*:*",
"matchCriteriaId": "2D34C6F9-2578-460F-AF34-2E9494BCDE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5311:*:*:*:*:*:*",
"matchCriteriaId": "48E3DA1B-9FC6-4F07-9F89-6D71EF42FCFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5315:*:*:*:*:*:*",
"matchCriteriaId": "B2F48B91-FFD5-4AC4-A198-64870E47AE9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*",
"matchCriteriaId": "7001A0A7-159C-48A3-9800-DAFBA31D05BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*",
"matchCriteriaId": "583B46D4-529F-404F-9CF3-4D7526889682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*",
"matchCriteriaId": "0D89C2A2-CE20-4954-8821-C73F9E3EC767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*",
"matchCriteriaId": "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*",
"matchCriteriaId": "233874F0-A19F-447C-ACE2-5DD06829C920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*",
"matchCriteriaId": "C4447E47-C6DB-440D-AF35-8130687E9BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*",
"matchCriteriaId": "405ECB05-7E35-4927-A19A-92A4B7FE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*",
"matchCriteriaId": "9F1EC2A5-7498-40F9-91A4-B004AEA1136C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*",
"matchCriteriaId": "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*",
"matchCriteriaId": "DD3B14B6-8329-43C4-AE42-13279E77275E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*",
"matchCriteriaId": "7792B448-4D34-42F8-919C-344783D625E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*",
"matchCriteriaId": "E297C040-0523-4A50-97AB-349880D5B3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*",
"matchCriteriaId": "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*",
"matchCriteriaId": "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*",
"matchCriteriaId": "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*",
"matchCriteriaId": "6E0C9493-EB87-4197-AF8B-BCA25488BCDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*",
"matchCriteriaId": "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*",
"matchCriteriaId": "FBD7855F-4B66-4F43-960C-73E69C52E865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*",
"matchCriteriaId": "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*",
"matchCriteriaId": "36A68C2E-978A-4F82-AC61-E9E7CA9908A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BB59DF-8786-4DC0-9254-F88417CA7077",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*",
"matchCriteriaId": "6BA1E99E-789C-4FDD-AA89-4C5391B95320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*",
"matchCriteriaId": "7EA6EC34-6702-4D1A-8C63-5026416E01A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*",
"matchCriteriaId": "0720F912-A070-43E9-BD23-4FAD00026DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*",
"matchCriteriaId": "161C81D2-7281-4F89-9944-1B468B06C264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*",
"matchCriteriaId": "718EEA01-B792-4B7E-946F-863F846E8132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*",
"matchCriteriaId": "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*",
"matchCriteriaId": "47BBC46A-16C7-4E9B-A49A-8101F3039D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*",
"matchCriteriaId": "D989FB08-624D-406B-8F53-A387900940F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*",
"matchCriteriaId": "8ADB6CFE-1915-488C-93FE-96E8DF3655F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*",
"matchCriteriaId": "EDCCB442-D0E4-47C7-A558-36657A70B3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*",
"matchCriteriaId": "8794F807-1D50-44D4-8969-FD68EFF2F643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*",
"matchCriteriaId": "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*",
"matchCriteriaId": "6976DCDA-E27A-4367-8EFE-74DC6F63018F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*",
"matchCriteriaId": "101908A5-CAEF-44F8-A6C8-FE01CA9FA836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*",
"matchCriteriaId": "F957BE56-474A-4593-8710-F86DB13C7407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*",
"matchCriteriaId": "B8479442-1A4A-4F27-9778-664C7693C815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*",
"matchCriteriaId": "EEF00ADC-105F-4B7E-857B-17565D67C7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*",
"matchCriteriaId": "CA292949-6E99-49A5-94F7-23448494F5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*",
"matchCriteriaId": "863CBE20-60A5-4A08-BF16-4E40E88B9AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*",
"matchCriteriaId": "28A105B4-7BF0-4054-AAE7-8453E13E2B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*",
"matchCriteriaId": "94C78301-44B7-45B2-836E-15E45FAC8625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*",
"matchCriteriaId": "F408067C-13C1-40BE-8488-9EB7FF0EDF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*",
"matchCriteriaId": "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4282B6D-6C85-4F13-B789-E641FB5986FE",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*",
"matchCriteriaId": "A160274C-F07A-43D9-A4DB-8773F004B9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*",
"matchCriteriaId": "341DF953-3DC7-476E-A79D-8CBD011C52A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*",
"matchCriteriaId": "AB6582AC-03DB-4905-BD03-EEDC314EB289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*",
"matchCriteriaId": "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*",
"matchCriteriaId": "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*",
"matchCriteriaId": "1592B321-1D60-418D-9CD8-61AEA57D8D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*",
"matchCriteriaId": "E582FA9F-A043-4193-961D-A49159F1C921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*",
"matchCriteriaId": "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "28EAB920-2F01-483E-9492-97DBFBD7535F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*",
"matchCriteriaId": "37976BE2-4233-46F7-B6BB-EFA778442AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*",
"matchCriteriaId": "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*",
"matchCriteriaId": "C069FF04-4061-4560-BA55-1784312047A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*",
"matchCriteriaId": "0D428FA6-08BA-4F7E-B1C7-4AFD17919899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*",
"matchCriteriaId": "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*",
"matchCriteriaId": "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*",
"matchCriteriaId": "EF9477F5-C6FD-4589-917B-FD206371DB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*",
"matchCriteriaId": "8CB27467-3157-466A-B01C-461348BD95C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*",
"matchCriteriaId": "2D575B4D-D58A-4B92-9723-4AB54E29924A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*",
"matchCriteriaId": "E76BB070-9BC9-4712-B021-156871C3B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*",
"matchCriteriaId": "52D35850-9BE1-479A-B0AF-339E42BCA708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*",
"matchCriteriaId": "681A77B6-7E22-4132-803B-A0AD117CE7C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "658DC76D-E0FE-40FA-B966-6DA6ED531FCD",
"versionEndExcluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*",
"matchCriteriaId": "948993BE-7B9E-4CCB-A97F-28B46DFE52A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*",
"matchCriteriaId": "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*",
"matchCriteriaId": "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*",
"matchCriteriaId": "4C8B3F77-7886-4F80-B75A-59063C762307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*",
"matchCriteriaId": "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*",
"matchCriteriaId": "A708628C-31E8-4A52-AEF7-297E2DDFA0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*",
"matchCriteriaId": "A8A01385-A493-42C0-ABBE-6A30C8594F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*",
"matchCriteriaId": "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*",
"matchCriteriaId": "B6865936-A773-4353-8891-8269508B2180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*",
"matchCriteriaId": "9CAD778E-8FDB-4CE2-A593-75EEA75F6361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*",
"matchCriteriaId": "52A9BA64-A248-4490-BDA7-671D64C0B3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*",
"matchCriteriaId": "DFF0A7E8-888B-4CBE-B799-16557244DDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*",
"matchCriteriaId": "8B480202-7632-4CFA-A485-DDFF1D1DB757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*",
"matchCriteriaId": "AB9B0721-49FD-49E7-97E4-E4E3EBF64856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*",
"matchCriteriaId": "874F5DDD-EA8D-4C1E-824A-321C52959649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*",
"matchCriteriaId": "8CAA4713-DA95-46AC-AFA5-9D22F8819B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*",
"matchCriteriaId": "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*",
"matchCriteriaId": "832AAAAF-5C34-4DDF-96A4-080002F9BC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*",
"matchCriteriaId": "29ED63C4-FB06-41AC-ABCD-63B3233658A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*",
"matchCriteriaId": "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*",
"matchCriteriaId": "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*",
"matchCriteriaId": "51400F37-6310-44A3-A683-068DF64D20F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*",
"matchCriteriaId": "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*",
"matchCriteriaId": "78CB8751-856A-41AC-904A-70FA1E15A946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*",
"matchCriteriaId": "72B7E27E-1443-46DC-8389-FBD337E612F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*",
"matchCriteriaId": "F9BB1077-C1F5-4368-9930-8E7424E7EB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*",
"matchCriteriaId": "EE307CE4-574D-4FF7-BED6-5BBECF886578",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D69A22E7-FF66-43A0-83FF-4D0ADF25B33D",
"versionEndExcluding": "14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14200:*:*:*:*:*:*",
"matchCriteriaId": "4A89D0AC-E27C-4C35-8E2E-44DF0BBD6FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14201:*:*:*:*:*:*",
"matchCriteriaId": "19A77447-AA60-4011-A64B-0A065F43279E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14202:*:*:*:*:*:*",
"matchCriteriaId": "811ADC13-780C-4325-8879-E521CBEC20B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14203:*:*:*:*:*:*",
"matchCriteriaId": "DB25E317-1104-4CFE-8F6A-B8B55F578F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14204:*:*:*:*:*:*",
"matchCriteriaId": "8157D1BB-556A-444B-9F4C-0BD0EF4CF02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "E73FEA45-5AA3-4C49-91D3-E07A53E34515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "8CA65161-0C0B-45E7-BBEA-FA214DBF964B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9097C0CA-001B-4604-BCDB-ED28AB292CC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE99DDEC-EA8D-4E15-A227-30B242611078",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "52843587-34AD-4992-8E68-25CD02E247A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C9A012-AD39-45B2-BA3F-8D7180FC5390",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*",
"matchCriteriaId": "7C5E7CE6-F85E-49B2-9078-F661AA3723C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*",
"matchCriteriaId": "1194B4C2-FBF2-4015-B666-235897971DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*",
"matchCriteriaId": "4F5F0CA5-CEC3-4342-A7D1-3616C482B965",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4707D700-23C4-4BBD-9683-4E6D59989127",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability."
},
{
"lang": "es",
"value": "Zoho ManageEngine Active Directory 360 versiones 4315 e inferiores, ADAudit Plus 7202 e inferiores, ADManager Plus 7200 e inferiores, Asset Explorer 6993 e inferiores y 7xxx 7002 e inferiores, Cloud Security Plus 4161 e inferiores, Data Security Plus 6110 e inferiores, Eventlog Analyzer 12301 y siguientes, Exchange Reporter Plus 5709 y siguientes, Log360 5315 y siguientes, Log360 UEBA 4045 y siguientes, M365 Manager Plus 4529 y siguientes, M365 Security Plus 4529 y siguientes, Recovery Manager Plus 6061 y siguientes, ServiceDesk Plus 14204 y siguientes y 143xx 14302 e inferiores, ServiceDesk Plus MSP 14300 e inferiores, SharePoint Manager Plus 4402 e inferiores, y Support Center Plus 14300 e inferiores son vulnerables a la omisi\u00f3n de 2FA a trav\u00e9s de algunos autenticadores TOTP. Nota: Se requiere un par v\u00e1lido de nombre de usuario y contrase\u00f1a para aprovechar esta vulnerabilidad.\n"
}
],
"id": "CVE-2023-35785",
"lastModified": "2024-11-21T08:08:41.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-28T20:15:08.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-13 13:15
Modified
2024-11-21 02:13
Severity ?
Summary
ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2014/Nov/12 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/70960 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/98539 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Nov/12 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70960 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/98539 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F4AD-3FD0-4172-AEB1-2A282356B126",
"versionEndIncluding": "9.9",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000."
},
{
"lang": "es",
"value": "ManageEngine EventLog Analyzer, versi\u00f3n 7 hasta la versi\u00f3n 9.9, compilaci\u00f3n 9002 tiene una vulnerabilidad de divulgaci\u00f3n de credenciales. Versi\u00f3n fija 10 Build 10000."
}
],
"id": "CVE-2014-6039",
"lastModified": "2024-11-21T02:13:39.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-13T13:15:12.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70960"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-18 22:15
Modified
2024-11-21 04:22
Severity ?
Summary
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14FAD4FD-CD54-4FE7-A849-A4837D3413B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB71331-CB4A-41FD-AC26-90F833ED9D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.380:*:*:*:*:*:*:*",
"matchCriteriaId": "643C7F9E-F838-421C-BB13-ECCFDF073C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67C97619-847C-43B7-ADC8-B9B9833FA5DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCF81E8-5FEE-4178-9FB0-49CB377329BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC9E0-7B46-46AB-87D4-596993A15859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2AF501-8A1A-4BB8-B796-0AFCF379B23A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26D0B03D-B7B2-4E45-837A-C29DF895C065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB014B4E-EB9B-4B71-9E9C-EB28E254FBB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7C3D36-6C00-488D-B862-68EC243A9348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11843753-531F-4D94-AC7F-F23D6EC8728F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1B6B47F-EE8C-49C7-B2FF-B886C2D68849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3E409911-AB1C-47CA-9E69-484B7E16FC17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1451EC-1F96-42AF-BEC9-0D370E827643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F64E8AC1-A456-46B8-8940-A200C328A7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD30D38-181E-4397-98DF-A7BE8D745A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "457BE370-7CAF-4010-AC8C-A059F4892408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D50F7EAA-D965-4C81-867C-FE4FC0DC9BB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus."
},
{
"lang": "es",
"value": "Varios productos Zoho ManageEngine sufren una escalada de privilegios locales debido a permisos inapropiados para el directorio %SYSTEMDRIVE%\\ManageEngine y sus subcarpetas. Adem\u00e1s, los servicios asociados con dichos productos intentan ejecutar archivos binarios como sc.exe desde el directorio actual durante un inicio de sistema. Esto permitir\u00e1 efectivamente a los usuarios no privilegiados escalar sus privilegios a NT AUTHORITY\\SYSTEM. Esto afecta a Desktop Central versi\u00f3n 10.0.380, EventLog Analyzer versi\u00f3n 12.0.2, ServiceDesk Plus versi\u00f3n 10.0.0, SupportCenter Plus versi\u00f3n 8.1, O365 Manager Plus versi\u00f3n 4.0, Mobile Device Manager Plus versi\u00f3n 9.0.0, Patch Connect Plus versi\u00f3n 9.0.0, Vulnerability Manager Plus versi\u00f3n 9.0.0 , Patch Manager Plus versi\u00f3n 9.0.0, OpManager versi\u00f3n 12.3, NetFlow Analyzer versi\u00f3n 11.0, OpUtils versi\u00f3n 11.0, Network Configuration Manager versi\u00f3n 11.0, FireWall versi\u00f3n 12.0, Key Manager Plus versi\u00f3n 5.6, Password Manager Pro versi\u00f3n 9.9, Analytics Plus versi\u00f3n 1.0 y Browser Security Plus."
}
],
"id": "CVE-2019-12133",
"lastModified": "2024-11-21T04:22:17.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-18T22:15:12.027",
"references": [
{
"source": "cve@mitre.org",
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
},
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-27 06:29
Modified
2024-11-21 03:08
Severity ?
Summary
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://init6.me/exploiting-manageengine-eventlog-analyzer.html | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://init6.me/exploiting-manageengine-eventlog-analyzer.html | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | 11.4 | |
| zohocorp | manageengine_eventlog_analyzer | 11.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2001AC-0699-40AC-AD32-7DD526A31574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542CF2AD-EC7E-4D05-B70D-D5934ABE6A49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) persistentes en las funciones de visualizaci\u00f3n y an\u00e1lisis de registro de eventos en Zoho ManageEngine Event Log Analyzer versiones 11.4 y 11.5, permiten a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de syslog."
}
],
"id": "CVE-2017-11687",
"lastModified": "2024-11-21T03:08:18.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-27T06:29:00.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-26 19:55
Modified
2024-11-21 02:13
Severity ?
Summary
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | 8.2 | |
| zohocorp | manageengine_eventlog_analyzer | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.2:8020:*:*:*:*:*:*",
"matchCriteriaId": "D436DFEC-7A1C-4BB0-9914-CCA0CCBD3158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:9.0:9002:*:*:*:*:*:*",
"matchCriteriaId": "0399B4E3-7616-4E81-A42F-E6B31F042CAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072."
},
{
"lang": "es",
"value": "La vulnerabilidad transversal del directorio en el servlet agentUpload en ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 y 8.2 build 8020 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario al cargar un archivo ZIP que contiene un archivo ejecutable con secuencias .. (punto punto) en su nombre, y luego acceder el ejecutable a trav\u00e9s de una solicitud directa al archivo bajo la ra\u00edz web. Corregido en Build 11072."
}
],
"id": "CVE-2014-6037",
"lastModified": "2024-11-21T02:13:38.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-26T19:55:04.907",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/show/osvdb/110642"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/86"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Sep/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/19"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/20"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/34519"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/69482"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/3732"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/show/osvdb/110642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Sep/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/34519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/69482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/3732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-29 13:55
Modified
2024-11-21 02:11
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | * | |
| zohocorp | manageengine_eventlog_analyzer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:9000:*:*:*:*:*:*",
"matchCriteriaId": "A49F14B4-A3E9-4F95-997F-DA1EFE54CE84",
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB4DFBC7-E120-4984-8A71-10874D2DABB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en event / index2.do en ManageEngine EventLog Analyzer anterior a la versi\u00f3n 9.0, compilaci\u00f3n 9002, permiten a los atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s del (1) ancho, (2) altura, (3) url (4) helpP, (5) pesta\u00f1a, (6) m\u00f3dulo, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, o (14) par\u00e1metro del producto. Corregido en Build 11072."
}
],
"id": "CVE-2014-4930",
"lastModified": "2024-11-21T02:11:07.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-08-29T13:55:04.347",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/128012/ManageEngine-EventLog-Analyzer-7-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Aug/74"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/69420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/128012/ManageEngine-EventLog-Analyzer-7-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Aug/74"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69420"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-28 15:59
Modified
2024-11-21 02:36
Severity ?
Summary
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C93AFE3-1217-457F-A045-367B7F897312",
"versionEndIncluding": "10.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \"SELECT 1;INSERT INTO.\" Fixed in Build 11200."
},
{
"lang": "es",
"value": "ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 y versiones anteriores permite a los atacantes remotos eludir las restricciones previstas y ejecutar comandos SQL arbitrarios a trav\u00e9s de una consulta permitida seguida de una no permitida en el par\u00e1metro de consulta para event / runQuery.do, como lo demuestra \"SELECT 1; INSERT INTO \". Corregido en Build 11200."
}
],
"id": "CVE-2015-7387",
"lastModified": "2024-11-21T02:36:42.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-28T15:59:04.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/59"
},
{
"source": "cve@mitre.org",
"url": "http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/38173/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/38352/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/59"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/38173/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/38352/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-13 18:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/156485/ManageEngine-EventLog-Analyzer-10.0-Information-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39 | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/eventlog/features-new.html#release | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156485/ManageEngine-EventLog-Analyzer-10.0-Information-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/eventlog/features-new.html#release | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AFB8EA-94F1-4D63-883B-B9E6E437408E",
"versionEndExcluding": "12.1.1",
"versionStartIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running \"select hostdetails from hostdetails\" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Zoho ManageEngine EventLog Analyzer versi\u00f3n 10.0 SP1 versiones anteriores a Build 12110. Al ejecutar \"select hostdetails from hostdetails\" en el endpoint /event/runquery.do, es posible omitir las restricciones de seguridad que impiden que incluso los usuarios administrativos visualicen datos de credenciales almacenados en la base de datos y recupera los hash MD5 de las cuentas usadas para autenticar la plataforma ManageEngine en las m\u00e1quinas administradas sobre la red (con frecuencia cuentas administrativas). Espec\u00edficamente, esto omite estas restricciones: una consulta no puede mencionar la contrase\u00f1a y el resultado de una consulta no puede tener una columna de contrase\u00f1a."
}
],
"id": "CVE-2019-19774",
"lastModified": "2024-11-21T04:35:21.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-13T18:15:11.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156485/ManageEngine-EventLog-Analyzer-10.0-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html#release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156485/ManageEngine-EventLog-Analyzer-10.0-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html#release"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-30 13:15
Modified
2024-11-21 06:00
Severity ?
Summary
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/eventlog/features-new.html#release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/eventlog/features-new.html#release | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | * | |
| zohocorp | manageengine_eventlog_analyzer | 12.1.4 | |
| zohocorp | manageengine_eventlog_analyzer | 12.1.4 | |
| zohocorp | manageengine_eventlog_analyzer | 12.1.4 | |
| zohocorp | manageengine_eventlog_analyzer | 12.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F75F95-CF32-458C-9CE0-894CFAB78B06",
"versionEndExcluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.4:-:*:*:*:*:*:*",
"matchCriteriaId": "B5B8AC3F-AAB3-44BC-A89D-2C3D8DE12354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.4:12141:*:*:*:*:*:*",
"matchCriteriaId": "ACFD1173-F12C-4218-9F3C-28F6099E3BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.4:12145:*:*:*:*:*:*",
"matchCriteriaId": "BB7893F8-40B7-41E1-AB1B-93D6EA82DF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.4:12146:*:*:*:*:*:*",
"matchCriteriaId": "284715B5-556F-495E-A44C-0C1E8A5B89B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution."
},
{
"lang": "es",
"value": "Zoho ManageEngine Eventlog Analyzer versiones hasta 12147, es vulnerable al salto de directorio no autenticado por medio de una entrada en un archivo ZIP.\u0026#xa0;Esto conlleva a una ejecuci\u00f3n de c\u00f3digo remota."
}
],
"id": "CVE-2021-28959",
"lastModified": "2024-11-21T06:00:26.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-30T13:15:07.470",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html#release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html#release"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-13 13:15
Modified
2024-11-21 02:13
Severity ?
Summary
Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2014/Nov/12 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/70959 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/98540 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Nov/12 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70959 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/98540 | VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_eventlog_analyzer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F4AD-3FD0-4172-AEB1-2A282356B126",
"versionEndIncluding": "9.9",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000."
},
{
"lang": "es",
"value": "Las versiones 7 hasta la versi\u00f3n 9.9 de Zoho ManageEngine EventLog Analyzer tienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la base de datos. Corregido en EventLog Analyzer 10.0 Build 10000."
}
],
"id": "CVE-2014-6038",
"lastModified": "2024-11-21T02:13:39.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-13T13:15:12.163",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70959"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}