Vulnerabilites related to zohocorp - manageengine_ad360
CVE-2023-35785 (GCVE-0-2023-35785)
Vulnerability from cvelistv5
Published
2023-08-28 00:00
Modified
2024-08-02 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:56:34.893304",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35785",
"datePublished": "2023-08-28T00:00:00",
"dateReserved": "2023-06-16T00:00:00",
"dateUpdated": "2024-08-02T16:30:45.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47966 (GCVE-0-2022-47966)
Vulnerability from cvelistv5
Published
2023-01-18 00:00
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"tags": [
"x_transferred"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47966",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:00:59.744032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-01-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-47966"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:32.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2023-01-23T00:00:00+00:00",
"value": "CVE-2022-47966 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T19:33:35.401Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47966",
"datePublished": "2023-01-18T00:00:00.000Z",
"dateReserved": "2022-12-26T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:37:32.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24786 (GCVE-0-2020-24786)
Vulnerability from cvelistv5
Published
2020-08-31 14:02
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T14:02:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/data-security/release-notes.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"name": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5",
"refsource": "MISC",
"url": "https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"name": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"name": "https://www.manageengine.com/products/eventlog/features-new.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24786",
"datePublished": "2020-08-31T14:02:05",
"dateReserved": "2020-08-28T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-08-28 20:15
Modified
2024-11-21 08:08
Severity ?
Summary
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://manageengine.com | Product | |
| cve@mitre.org | https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_ad360 | * | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_adaudit_plus | * | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_adaudit_plus | 7.2 | |
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.2 | |
| zohocorp | manageengine_assetexplorer | * | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 7.0 | |
| zohocorp | manageengine_assetexplorer | 7.0 | |
| zohocorp | manageengine_cloud_security_plus | * | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_datasecurity_plus | * | |
| zohocorp | manageengine_datasecurity_plus | 6.1 | |
| zohocorp | manageengine_datasecurity_plus | 6.1 | |
| zohocorp | manageengine_datasecurity_plus | 6.1 | |
| zohocorp | manageengine_eventlog_analyzer | * | |
| zohocorp | manageengine_eventlog_analyzer | 12.3.0 | |
| zohocorp | manageengine_eventlog_analyzer | 12.3.0 | |
| zohocorp | manageengine_exchange_reporter_plus | * | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.7 | |
| zohocorp | manageengine_log360 | * | |
| zohocorp | manageengine_log360 | 5.3 | |
| zohocorp | manageengine_log360 | 5.3 | |
| zohocorp | manageengine_log360 | 5.3 | |
| zohocorp | manageengine_log360 | 5.3 | |
| zohocorp | manageengine_log360 | 5.3 | |
| zohocorp | manageengine_log360 | 5.3 | |
| zohocorp | manageengine_log360 | 5.3 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_log360_ueba | 4.0 | |
| zohocorp | manageengine_m365_manager_plus | * | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_manager_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | * | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_m365_security_plus | 4.5 | |
| zohocorp | manageengine_recoverymanager_plus | * | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_recoverymanager_plus | 6.0 | |
| zohocorp | manageengine_servicedesk_plus | * | |
| zohocorp | manageengine_servicedesk_plus | 14.2 | |
| zohocorp | manageengine_servicedesk_plus | 14.2 | |
| zohocorp | manageengine_servicedesk_plus | 14.2 | |
| zohocorp | manageengine_servicedesk_plus | 14.2 | |
| zohocorp | manageengine_servicedesk_plus | 14.2 | |
| zohocorp | manageengine_servicedesk_plus | 14.3 | |
| zohocorp | manageengine_servicedesk_plus | 14.3 | |
| zohocorp | manageengine_servicedesk_plus | 14.3 | |
| zohocorp | manageengine_servicedesk_plus_msp | * | |
| zohocorp | manageengine_servicedesk_plus_msp | 14.3 | |
| zohocorp | manageengine_sharepoint_manager_plus | * | |
| zohocorp | manageengine_sharepoint_manager_plus | 4.4 | |
| zohocorp | manageengine_sharepoint_manager_plus | 4.4 | |
| zohocorp | manageengine_sharepoint_manager_plus | 4.4 | |
| zohocorp | manageengine_supportcenter_plus | * | |
| zohocorp | manageengine_supportcenter_plus | 14.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1179FC2E-0FCC-4744-85A7-1D68AE742FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "F05F8E9D-1880-4B94-922E-BA61FA112945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "F336B0C2-1F99-4BC7-828B-02E432CB0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "46A96B82-49E1-4392-BDCF-CC9753D67A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "837BF464-6D18-4267-8913-D7937C91789B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "0243CA85-B856-4ED9-BCD0-5EAB182862CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "FB216CD0-B3BD-434D-8FC6-BB60408C128A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4310:*:*:*:*:*:*",
"matchCriteriaId": "9A24DBF5-EBC0-49DB-B253-1098BF1C6180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4312:*:*:*:*:*:*",
"matchCriteriaId": "9E5C2FC4-A020-42C8-958D-603C82E9F0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4313:*:*:*:*:*:*",
"matchCriteriaId": "D94DE7F6-9231-48F5-8B3F-D8D34594CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4314:*:*:*:*:*:*",
"matchCriteriaId": "27C465F6-F7F2-4FBD-B12F-4795EB47842C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4315:*:*:*:*:*:*",
"matchCriteriaId": "27BCB134-B415-481F-BBDB-650F5AD65EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E802FD77-E67A-438C-82CE-9FC7536FB14E",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "237AA2F5-B9A3-4C40-92AC-61FE47A017BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "4C23A64C-65CB-447B-9B5F-4BB22F68FC79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*",
"matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*",
"matchCriteriaId": "03A34ED3-EC89-4BE3-8A99-A5727A154672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*",
"matchCriteriaId": "4E84EF2B-37A5-4499-8C16-877E8AB8A731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*",
"matchCriteriaId": "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*",
"matchCriteriaId": "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*",
"matchCriteriaId": "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*",
"matchCriteriaId": "356CA7C7-993F-4D5D-9FAB-9E5475878D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6989:*:*:*:*:*:*",
"matchCriteriaId": "82F1AAC1-E49B-4580-9569-AD9B1E649A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6990:*:*:*:*:*:*",
"matchCriteriaId": "D971F57C-820C-4391-A15C-80A4901BC358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6991:*:*:*:*:*:*",
"matchCriteriaId": "3EAA3D29-2763-4201-9471-A0874727F40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6992:*:*:*:*:*:*",
"matchCriteriaId": "B632C001-CE54-4C22-AB99-7919D8902FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6993:*:*:*:*:*:*",
"matchCriteriaId": "648277D7-3CDD-455B-95D3-CBD9A3A82C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "1E01D48C-A95F-421E-A6FA-D299D6BE02B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*",
"matchCriteriaId": "727BD3A4-F0E1-4656-A640-B32406324707",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F",
"versionEndExcluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*",
"matchCriteriaId": "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*",
"matchCriteriaId": "99C928C2-4711-4765-BDF2-E7FB448F5771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*",
"matchCriteriaId": "EDF77387-21C7-45CA-B843-EBA956EE2BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*",
"matchCriteriaId": "5C2C0067-538B-4102-8B4E-603BD4CE8F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*",
"matchCriteriaId": "DAF47C10-AAE9-40CF-A033-44D54A81E69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*",
"matchCriteriaId": "36D0331C-58EA-4B68-88C4-7A193BE5C62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*",
"matchCriteriaId": "3CA59781-E48C-487E-B3AF-96560F3152EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*",
"matchCriteriaId": "E4812B9E-15CA-4700-9115-EAE0A97F0E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*",
"matchCriteriaId": "CE513A2B-0371-4D3C-A502-CDA3DB474F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*",
"matchCriteriaId": "5E498ACE-8332-4824-9AFE-73975D0AC9EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*",
"matchCriteriaId": "F070B928-CF57-4502-BE26-AD3F13A6ED4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*",
"matchCriteriaId": "635D24F2-9C60-4E1A-BD5F-E5312FA953A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*",
"matchCriteriaId": "5E983854-36F8-407F-95C8-E386E0F82366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*",
"matchCriteriaId": "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*",
"matchCriteriaId": "7820751F-E181-4BB7-8DAF-BF21129B24D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*",
"matchCriteriaId": "14ADB666-EEB9-4C6D-93F4-5A45EBA55705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*",
"matchCriteriaId": "93C4B398-8F9A-44AC-8E43-C4C471DE9565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*",
"matchCriteriaId": "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*",
"matchCriteriaId": "C7EF76FE-3FD9-4548-A372-22E280484ECB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "C12C9470-3D3B-426E-93F9-79D8B9B25F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "227F1242-E0A9-45C5-9198-FD8D01F68ABF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D262240-1B28-4B7C-B673-C10DD878D912",
"versionEndExcluding": "12.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12300:*:*:*:*:*:*",
"matchCriteriaId": "39F6B49B-8531-4A62-B0D9-C1BCD728D4A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12301:*:*:*:*:*:*",
"matchCriteriaId": "F2769404-4E8A-478C-9328-269E2C334E31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "D3012C17-87F5-4FFD-B67B-BEFF2A390613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "1E33D368-2D81-4C7E-9405-7C0A86E97217",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30B83EF5-BEF1-4636-9B3C-AE41E6010F2C",
"versionEndExcluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5300:*:*:*:*:*:*",
"matchCriteriaId": "CF4D70E8-77A6-4F51-A15B-28299D43B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5301:*:*:*:*:*:*",
"matchCriteriaId": "E03D403B-C904-482E-838C-D6595C5D27FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5302:*:*:*:*:*:*",
"matchCriteriaId": "FFEB1CB7-B9F7-463D-88F8-3A2E86264FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5305:*:*:*:*:*:*",
"matchCriteriaId": "E4B18DCB-4A02-4DE6-9B19-D79299934D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5310:*:*:*:*:*:*",
"matchCriteriaId": "2D34C6F9-2578-460F-AF34-2E9494BCDE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5311:*:*:*:*:*:*",
"matchCriteriaId": "48E3DA1B-9FC6-4F07-9F89-6D71EF42FCFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5315:*:*:*:*:*:*",
"matchCriteriaId": "B2F48B91-FFD5-4AC4-A198-64870E47AE9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*",
"matchCriteriaId": "7001A0A7-159C-48A3-9800-DAFBA31D05BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*",
"matchCriteriaId": "583B46D4-529F-404F-9CF3-4D7526889682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*",
"matchCriteriaId": "0D89C2A2-CE20-4954-8821-C73F9E3EC767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*",
"matchCriteriaId": "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*",
"matchCriteriaId": "233874F0-A19F-447C-ACE2-5DD06829C920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*",
"matchCriteriaId": "C4447E47-C6DB-440D-AF35-8130687E9BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*",
"matchCriteriaId": "405ECB05-7E35-4927-A19A-92A4B7FE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*",
"matchCriteriaId": "9F1EC2A5-7498-40F9-91A4-B004AEA1136C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*",
"matchCriteriaId": "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*",
"matchCriteriaId": "DD3B14B6-8329-43C4-AE42-13279E77275E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*",
"matchCriteriaId": "7792B448-4D34-42F8-919C-344783D625E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*",
"matchCriteriaId": "E297C040-0523-4A50-97AB-349880D5B3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*",
"matchCriteriaId": "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*",
"matchCriteriaId": "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*",
"matchCriteriaId": "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*",
"matchCriteriaId": "6E0C9493-EB87-4197-AF8B-BCA25488BCDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*",
"matchCriteriaId": "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*",
"matchCriteriaId": "FBD7855F-4B66-4F43-960C-73E69C52E865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*",
"matchCriteriaId": "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*",
"matchCriteriaId": "36A68C2E-978A-4F82-AC61-E9E7CA9908A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BB59DF-8786-4DC0-9254-F88417CA7077",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*",
"matchCriteriaId": "6BA1E99E-789C-4FDD-AA89-4C5391B95320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*",
"matchCriteriaId": "7EA6EC34-6702-4D1A-8C63-5026416E01A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*",
"matchCriteriaId": "0720F912-A070-43E9-BD23-4FAD00026DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*",
"matchCriteriaId": "161C81D2-7281-4F89-9944-1B468B06C264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*",
"matchCriteriaId": "718EEA01-B792-4B7E-946F-863F846E8132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*",
"matchCriteriaId": "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*",
"matchCriteriaId": "47BBC46A-16C7-4E9B-A49A-8101F3039D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*",
"matchCriteriaId": "D989FB08-624D-406B-8F53-A387900940F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*",
"matchCriteriaId": "8ADB6CFE-1915-488C-93FE-96E8DF3655F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*",
"matchCriteriaId": "EDCCB442-D0E4-47C7-A558-36657A70B3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*",
"matchCriteriaId": "8794F807-1D50-44D4-8969-FD68EFF2F643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*",
"matchCriteriaId": "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*",
"matchCriteriaId": "6976DCDA-E27A-4367-8EFE-74DC6F63018F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*",
"matchCriteriaId": "101908A5-CAEF-44F8-A6C8-FE01CA9FA836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*",
"matchCriteriaId": "F957BE56-474A-4593-8710-F86DB13C7407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*",
"matchCriteriaId": "B8479442-1A4A-4F27-9778-664C7693C815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*",
"matchCriteriaId": "EEF00ADC-105F-4B7E-857B-17565D67C7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*",
"matchCriteriaId": "CA292949-6E99-49A5-94F7-23448494F5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*",
"matchCriteriaId": "863CBE20-60A5-4A08-BF16-4E40E88B9AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*",
"matchCriteriaId": "28A105B4-7BF0-4054-AAE7-8453E13E2B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*",
"matchCriteriaId": "94C78301-44B7-45B2-836E-15E45FAC8625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*",
"matchCriteriaId": "F408067C-13C1-40BE-8488-9EB7FF0EDF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*",
"matchCriteriaId": "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4282B6D-6C85-4F13-B789-E641FB5986FE",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*",
"matchCriteriaId": "A160274C-F07A-43D9-A4DB-8773F004B9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*",
"matchCriteriaId": "341DF953-3DC7-476E-A79D-8CBD011C52A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*",
"matchCriteriaId": "AB6582AC-03DB-4905-BD03-EEDC314EB289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*",
"matchCriteriaId": "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*",
"matchCriteriaId": "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*",
"matchCriteriaId": "1592B321-1D60-418D-9CD8-61AEA57D8D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*",
"matchCriteriaId": "E582FA9F-A043-4193-961D-A49159F1C921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*",
"matchCriteriaId": "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "28EAB920-2F01-483E-9492-97DBFBD7535F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*",
"matchCriteriaId": "37976BE2-4233-46F7-B6BB-EFA778442AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*",
"matchCriteriaId": "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*",
"matchCriteriaId": "C069FF04-4061-4560-BA55-1784312047A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*",
"matchCriteriaId": "0D428FA6-08BA-4F7E-B1C7-4AFD17919899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*",
"matchCriteriaId": "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*",
"matchCriteriaId": "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*",
"matchCriteriaId": "EF9477F5-C6FD-4589-917B-FD206371DB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*",
"matchCriteriaId": "8CB27467-3157-466A-B01C-461348BD95C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*",
"matchCriteriaId": "2D575B4D-D58A-4B92-9723-4AB54E29924A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*",
"matchCriteriaId": "E76BB070-9BC9-4712-B021-156871C3B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*",
"matchCriteriaId": "52D35850-9BE1-479A-B0AF-339E42BCA708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*",
"matchCriteriaId": "681A77B6-7E22-4132-803B-A0AD117CE7C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "658DC76D-E0FE-40FA-B966-6DA6ED531FCD",
"versionEndExcluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*",
"matchCriteriaId": "948993BE-7B9E-4CCB-A97F-28B46DFE52A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*",
"matchCriteriaId": "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*",
"matchCriteriaId": "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*",
"matchCriteriaId": "4C8B3F77-7886-4F80-B75A-59063C762307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*",
"matchCriteriaId": "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*",
"matchCriteriaId": "A708628C-31E8-4A52-AEF7-297E2DDFA0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*",
"matchCriteriaId": "A8A01385-A493-42C0-ABBE-6A30C8594F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*",
"matchCriteriaId": "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*",
"matchCriteriaId": "B6865936-A773-4353-8891-8269508B2180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*",
"matchCriteriaId": "9CAD778E-8FDB-4CE2-A593-75EEA75F6361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*",
"matchCriteriaId": "52A9BA64-A248-4490-BDA7-671D64C0B3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*",
"matchCriteriaId": "DFF0A7E8-888B-4CBE-B799-16557244DDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*",
"matchCriteriaId": "8B480202-7632-4CFA-A485-DDFF1D1DB757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*",
"matchCriteriaId": "AB9B0721-49FD-49E7-97E4-E4E3EBF64856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*",
"matchCriteriaId": "874F5DDD-EA8D-4C1E-824A-321C52959649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*",
"matchCriteriaId": "8CAA4713-DA95-46AC-AFA5-9D22F8819B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*",
"matchCriteriaId": "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*",
"matchCriteriaId": "832AAAAF-5C34-4DDF-96A4-080002F9BC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*",
"matchCriteriaId": "29ED63C4-FB06-41AC-ABCD-63B3233658A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*",
"matchCriteriaId": "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*",
"matchCriteriaId": "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*",
"matchCriteriaId": "51400F37-6310-44A3-A683-068DF64D20F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*",
"matchCriteriaId": "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*",
"matchCriteriaId": "78CB8751-856A-41AC-904A-70FA1E15A946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*",
"matchCriteriaId": "72B7E27E-1443-46DC-8389-FBD337E612F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*",
"matchCriteriaId": "F9BB1077-C1F5-4368-9930-8E7424E7EB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*",
"matchCriteriaId": "EE307CE4-574D-4FF7-BED6-5BBECF886578",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D69A22E7-FF66-43A0-83FF-4D0ADF25B33D",
"versionEndExcluding": "14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14200:*:*:*:*:*:*",
"matchCriteriaId": "4A89D0AC-E27C-4C35-8E2E-44DF0BBD6FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14201:*:*:*:*:*:*",
"matchCriteriaId": "19A77447-AA60-4011-A64B-0A065F43279E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14202:*:*:*:*:*:*",
"matchCriteriaId": "811ADC13-780C-4325-8879-E521CBEC20B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14203:*:*:*:*:*:*",
"matchCriteriaId": "DB25E317-1104-4CFE-8F6A-B8B55F578F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14204:*:*:*:*:*:*",
"matchCriteriaId": "8157D1BB-556A-444B-9F4C-0BD0EF4CF02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "E73FEA45-5AA3-4C49-91D3-E07A53E34515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "8CA65161-0C0B-45E7-BBEA-FA214DBF964B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9097C0CA-001B-4604-BCDB-ED28AB292CC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE99DDEC-EA8D-4E15-A227-30B242611078",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "52843587-34AD-4992-8E68-25CD02E247A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C9A012-AD39-45B2-BA3F-8D7180FC5390",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*",
"matchCriteriaId": "7C5E7CE6-F85E-49B2-9078-F661AA3723C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*",
"matchCriteriaId": "1194B4C2-FBF2-4015-B666-235897971DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*",
"matchCriteriaId": "4F5F0CA5-CEC3-4342-A7D1-3616C482B965",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4707D700-23C4-4BBD-9683-4E6D59989127",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability."
},
{
"lang": "es",
"value": "Zoho ManageEngine Active Directory 360 versiones 4315 e inferiores, ADAudit Plus 7202 e inferiores, ADManager Plus 7200 e inferiores, Asset Explorer 6993 e inferiores y 7xxx 7002 e inferiores, Cloud Security Plus 4161 e inferiores, Data Security Plus 6110 e inferiores, Eventlog Analyzer 12301 y siguientes, Exchange Reporter Plus 5709 y siguientes, Log360 5315 y siguientes, Log360 UEBA 4045 y siguientes, M365 Manager Plus 4529 y siguientes, M365 Security Plus 4529 y siguientes, Recovery Manager Plus 6061 y siguientes, ServiceDesk Plus 14204 y siguientes y 143xx 14302 e inferiores, ServiceDesk Plus MSP 14300 e inferiores, SharePoint Manager Plus 4402 e inferiores, y Support Center Plus 14300 e inferiores son vulnerables a la omisi\u00f3n de 2FA a trav\u00e9s de algunos autenticadores TOTP. Nota: Se requiere un par v\u00e1lido de nombre de usuario y contrase\u00f1a para aprovechar esta vulnerabilidad.\n"
}
],
"id": "CVE-2023-35785",
"lastModified": "2024-11-21T08:08:41.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-28T20:15:08.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-18 18:15
Modified
2025-03-07 21:04
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis | Exploit, Third Party Advisory | |
| cve@mitre.org | https://blog.viettelcybersecurity.com/saml-show-stopper/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6 | Release Notes | |
| cve@mitre.org | https://github.com/horizon3ai/CVE-2022-47966 | Third Party Advisory | |
| cve@mitre.org | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.viettelcybersecurity.com/saml-show-stopper/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/horizon3ai/CVE-2022-47966 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_access_manager_plus | * | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_access_manager_plus | 4.3 | |
| zohocorp | manageengine_ad360 | * | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_ad360 | 4.3 | |
| zohocorp | manageengine_adaudit_plus | * | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_adaudit_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_admanager_plus | 7.1 | |
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_adselfservice_plus | 6.2 | |
| zohocorp | manageengine_analytics_plus | * | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_analytics_plus | 5.1 | |
| zohocorp | manageengine_assetexplorer | * | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_assetexplorer | 6.9 | |
| zohocorp | manageengine_key_manager_plus | * | |
| zohocorp | manageengine_key_manager_plus | 6.4 | |
| zohocorp | manageengine_pam360 | * | |
| zohocorp | manageengine_pam360 | 5.7 | |
| zohocorp | manageengine_pam360 | 5.7 | |
| zohocorp | manageengine_pam360 | 5.7 | |
| zohocorp | manageengine_pam360 | 5.7 | |
| zohocorp | manageengine_password_manager_pro | * | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_password_manager_pro | 12.1 | |
| zohocorp | manageengine_servicedesk_plus | * | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus_msp | * | |
| zohocorp | manageengine_servicedesk_plus_msp | 13.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_supportcenter_plus | 11.0 | |
| zohocorp | manageengine_application_control_plus | * | |
| zohocorp | manageengine_browser_security_plus | * | |
| zohocorp | manageengine_device_control_plus | * | |
| zohocorp | manageengine_endpoint_dlp_plus | * | |
| zohocorp | manageengine_os_deployer | * | |
| zohocorp | manageengine_patch_manager_plus | * | |
| zohocorp | manageengine_remote_access_plus | * | |
| zohocorp | manageengine_remote_monitoring_and_management_central | * | |
| zohocorp | manageengine_vulnerability_manager_plus | * |
{
"cisaActionDue": "2023-02-13",
"cisaExploitAdd": "2023-01-23",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDF15FF-2561-4139-AC5E-4812584B1B03",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*",
"matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*",
"matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*",
"matchCriteriaId": "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*",
"matchCriteriaId": "59675CC4-8A5C-4668-908C-0886B4B310DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*",
"matchCriteriaId": "45084336-F1DC-4E5B-A45E-506A779985D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*",
"matchCriteriaId": "1B2CC071-5BB3-4A25-88F2-DBC56B94D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*",
"matchCriteriaId": "E6FDF373-4711-4B72-A14E-CEB19301C40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*",
"matchCriteriaId": "0E0F346C-0445-4D38-8583-3379962B540F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1179FC2E-0FCC-4744-85A7-1D68AE742FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "F05F8E9D-1880-4B94-922E-BA61FA112945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "F336B0C2-1F99-4BC7-828B-02E432CB0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "46A96B82-49E1-4392-BDCF-CC9753D67A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "837BF464-6D18-4267-8913-D7937C91789B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "0243CA85-B856-4ED9-BCD0-5EAB182862CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "FB216CD0-B3BD-434D-8FC6-BB60408C128A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFA4EA7A-B1C1-4750-A11D-89054B77B320",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "16BADE82-3652-4074-BDFF-828B7213CAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*",
"matchCriteriaId": "01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*",
"matchCriteriaId": "CFA4FC59-CC4F-4F21-9AE9-3F526C91411C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*",
"matchCriteriaId": "26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*",
"matchCriteriaId": "97EA9324-9377-46E1-A0EA-637128E65DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*",
"matchCriteriaId": "EA5BE36E-A73A-4D1C-8185-9692373F1444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*",
"matchCriteriaId": "10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*",
"matchCriteriaId": "F505C783-09DE-4045-9DB4-DD850B449A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "212BF664-02DE-457F-91A6-6F824ECC963B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "D102B74F-6762-4EFE-BAF7-A7D416867D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7055:*:*:*:*:*:*",
"matchCriteriaId": "5B2F6EE4-F3DC-43CE-B7FD-C9522A35406A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7060:*:*:*:*:*:*",
"matchCriteriaId": "623151CB-4C6B-4068-B173-FE8E73D652F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7062:*:*:*:*:*:*",
"matchCriteriaId": "1D84377E-CB44-4C6A-A665-763A1CD1AF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7063:*:*:*:*:*:*",
"matchCriteriaId": "603D1875-BD5E-4C6C-9D2C-3CAA9D7B3AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7065:*:*:*:*:*:*",
"matchCriteriaId": "4C568190-1C1B-44FA-B50A-C142A0B8224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7080:*:*:*:*:*:*",
"matchCriteriaId": "F876B2E2-C2FF-47BE-9F53-5F86606A08CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
"matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
"matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
"matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
"matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
"matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*",
"matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*",
"matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC9667B-3ECE-4DF8-9C45-95E53736CD68",
"versionEndExcluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*",
"matchCriteriaId": "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*",
"matchCriteriaId": "B1E4E7ED-317B-471D-B387-24BFE504FD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*",
"matchCriteriaId": "1518C214-71A7-4C97-BA40-95D98E0C78BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*",
"matchCriteriaId": "247ED04D-E067-4A18-8514-9CD635DF4F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*",
"matchCriteriaId": "8AC2C862-7709-44BF-9D0C-1BD63B381001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*",
"matchCriteriaId": "1E936706-E1D6-496A-8395-96706AF32F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*",
"matchCriteriaId": "CA25E9BB-DDB9-438C-890A-61264C10BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*",
"matchCriteriaId": "D71FF123-F797-4E0D-8167-DD4563733879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*",
"matchCriteriaId": "1156F671-D6BD-4FA2-924F-1802F157A025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*",
"matchCriteriaId": "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*",
"matchCriteriaId": "E870D833-28A7-45E1-9A6B-26A33D66B507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2026DE5E-EDDA-4134-A63E-1F01A9ED209F",
"versionEndExcluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "DBEE7368-580D-422E-80DE-079462579BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "92C88B5F-3689-4314-B23E-D9051808C1D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5120:*:*:*:*:*:*",
"matchCriteriaId": "839EB997-896A-4CD9-BADF-1C2DC2B498F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5121:*:*:*:*:*:*",
"matchCriteriaId": "7A4DF40E-2941-4A38-9297-42502D7EE0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5130:*:*:*:*:*:*",
"matchCriteriaId": "DD056927-1BC0-42A0-8E26-7FC0F4BE58AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5140:*:*:*:*:*:*",
"matchCriteriaId": "99F6F9CC-5A94-4A74-8D36-BE198424C955",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1E5798-5079-4292-9C11-2F334F8AC825",
"versionEndExcluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.4:6400:*:*:*:*:*:*",
"matchCriteriaId": "37D11E5C-C569-4D9F-BFF8-315F6D458D68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1478BFC3-A0B2-415B-BA1C-AA09D9451C93",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700:*:*:*:*:*:*",
"matchCriteriaId": "1E270FB5-C447-4C93-9947-2CE50850A46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710:*:*:*:*:*:*",
"matchCriteriaId": "496AFB26-1E11-4632-8C10-CD80F601FCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5711:*:*:*:*:*:*",
"matchCriteriaId": "B2CE86DA-B688-4E9E-AF16-1974858D18BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5712:*:*:*:*:*:*",
"matchCriteriaId": "4BFA2F57-4506-4B3D-86E8-BE9BEC1134B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76C7DC97-8BF1-421F-9272-FD301D2D7A3F",
"versionEndExcluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:*:*:*:*:*:*",
"matchCriteriaId": "9BE65B96-74ED-48F1-B86D-CB3387D989CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101:*:*:*:*:*:*",
"matchCriteriaId": "B4127640-1F60-4687-A24A-22B05A125290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110:*:*:*:*:*:*",
"matchCriteriaId": "E42928FB-E0E7-4951-B9B1-CEF60560A945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120:*:*:*:*:*:*",
"matchCriteriaId": "43C059E6-E1CA-4792-B383-93062CD82D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121:*:*:*:*:*:*",
"matchCriteriaId": "8D21A9EB-51BC-4EEA-BAA4-8C2096A9DDD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12122:*:*:*:*:*:*",
"matchCriteriaId": "6C34175B-0978-4207-BFC0-F38FDFF9B3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12123:*:*:*:*:*:*",
"matchCriteriaId": "6CAB911E-5CE6-47BA-9909-C42BDFEE0F5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "23A6549A-A30E-4693-9BAB-2685DB8C40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*",
"matchCriteriaId": "71CED256-A0EF-4933-AE18-421E37D5DB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*",
"matchCriteriaId": "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*",
"matchCriteriaId": "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969E1FCF-76A0-40BC-A38F-56FCB713419F",
"versionEndExcluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*",
"matchCriteriaId": "298E6401-A9A9-43B6-901F-327944E0AF94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*",
"matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*",
"matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*",
"matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*",
"matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*",
"matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*",
"matchCriteriaId": "4EA25296-8163-4C98-A8CD-35834240308E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*",
"matchCriteriaId": "33D51403-A976-4EA3-AA23-C699E03239E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*",
"matchCriteriaId": "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F5E8E6-B1AA-4454-86D3-648B67CA915E",
"versionEndExcluding": "10.1.220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98FAA4DE-2C24-4ED4-9F2C-84CEA3200E31",
"versionEndExcluding": "11.1.2238.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8239C2A0-BA6D-4B5C-B02F-617178685D52",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA4E3A8-CAB3-461E-8A99-F7D115B17E71",
"versionEndExcluding": "10.1.2137.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53EC71FA-E248-4DA5-BA76-746631AC435E",
"versionEndExcluding": "1.1.2243.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5784980D-CEBB-4982-BD1F-FD8F5F2A039C",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9F459-2C86-4646-B87C-A55381E0939F",
"versionEndExcluding": "10.1.2228.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management_central:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D851B9A-EE8F-4634-A26D-BCC44B5CF02A",
"versionEndExcluding": "10.1.41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "450E672F-FA36-4770-87B6-CC8DA66D2222",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active)."
},
{
"lang": "es",
"value": "M\u00faltiples productos locales de Zoho ManageEngine, como ServiceDesk Plus hasta 14003, permiten la ejecuci\u00f3n remota de c\u00f3digo debido al uso de Apache Santuario xmlsec (tambi\u00e9n conocido como XML Security para Java) 1.4.1, porque las funciones xmlsec XSLT, por dise\u00f1o en esa versi\u00f3n, hacen la aplicaci\u00f3n responsable de ciertas protecciones de seguridad, y las aplicaciones ManageEngine no proporcionaban esas protecciones. Esto afecta a Access Manager Plus anterior a 4308, Active Directory 360 anterior a 4310, ADAudit Plus anterior a 7081, ADManager Plus anterior a 7162, ADSelfService Plus anterior a 6211, Analytics Plus anterior a 5150, Application Control Plus anterior a 10.1.2220.18, Asset Explorer anterior a 6983, Browser Security Plus antes de 11.1.2238.6, Device Control Plus antes de 10.1.2220.18, Endpoint Central antes de 10.1.2228.11, Endpoint Central MSP antes de 10.1.2228.11, Endpoint DLP antes de 10.1.2137.6, Key Manager Plus antes de 6401, OS Deployer antes de 1.1.2243.1, PAM 360 antes de 5713, Password Manager Pro antes de 12124, Patch Manager Plus antes de 10.1.2220.18, Remote Access Plus antes de 10.1.2228.11, Remote Monitoring and Management (RMM) antes de 10.1.41. ServiceDesk Plus anterior a 14004, ServiceDesk Plus MSP anterior a 13001, SupportCenter Plus anterior a 11026 y Vulnerability Manager Plus anterior a 10.1.2220.18. La explotaci\u00f3n solo es posible si alguna vez se ha configurado SAML SSO para un producto (para algunos productos, la explotaci\u00f3n requiere que SAML SSO est\u00e9 actualmente activo).\n"
}
],
"id": "CVE-2022-47966",
"lastModified": "2025-03-07T21:04:52.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-18T18:15:10.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 05:16
Severity ?
Summary
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5 | ||
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020 | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020 | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1 | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020 | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| cve@mitre.org | https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/data-security/release-notes.html | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/eventlog/features-new.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/data-security/release-notes.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/eventlog/features-new.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | * | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_adselfservice_plus | 5.8 | |
| zohocorp | manageengine_exchange_reporter_plus | * | |
| zohocorp | manageengine_exchange_reporter_plus | 5.5 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.5 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.5 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.5 | |
| zohocorp | manageengine_exchange_reporter_plus | 5.5 | |
| zohocorp | manageengine_ad360 | * | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_ad360 | 4.2 | |
| zohocorp | manageengine_datasecurity_plus | * | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_datasecurity_plus | 6.0 | |
| zohocorp | manageengine_recovermanager_plus | * | |
| zohocorp | manageengine_recovermanager_plus | 6.0 | |
| zohocorp | manageengine_recovermanager_plus | 6.0 | |
| zohocorp | manageengine_recovermanager_plus | 6.0 | |
| zohocorp | manageengine_recovermanager_plus | 6.0 | |
| zohocorp | manageengine_recovermanager_plus | 6.0 | |
| zohocorp | manageengine_eventlog_analyzer | * | |
| zohocorp | manageengine_eventlog_analyzer | 12.1.3 | |
| zohocorp | manageengine_eventlog_analyzer | 12.1.3 | |
| zohocorp | manageengine_adaudit_plus | * | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_adaudit_plus | 6.0 | |
| zohocorp | manageengine_o365_manager_plus | * | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_o365_manager_plus | 4.3 | |
| zohocorp | manageengine_cloud_security_plus | * | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_cloud_security_plus | 4.1 | |
| zohocorp | manageengine_admanager_plus | * | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_admanager_plus | 7.0 | |
| zohocorp | manageengine_log360 | * | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 | |
| zohocorp | manageengine_log360 | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7380E0EF-684C-487E-B343-672248D8642E",
"versionEndIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "09718DA2-31D3-4CC3-B95D-6A8BE6233700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*",
"matchCriteriaId": "A217F6ED-BC7F-46B7-9D43-D75A3D416322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*",
"matchCriteriaId": "562397B8-DF54-4585-81B4-3F89816CC8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*",
"matchCriteriaId": "319E6B84-4D6C-45D2-BF5A-8461202C4463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*",
"matchCriteriaId": "73DD6611-26EA-44A9-8FAC-0C4A91CAAB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*",
"matchCriteriaId": "B964F5EA-427D-46D5-AE73-3BEBFE42A4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*",
"matchCriteriaId": "94E70435-5332-48F3-9602-FCA1EFB617BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*",
"matchCriteriaId": "AC040DA3-91BB-41CD-ADE3-D2AA0537516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*",
"matchCriteriaId": "8E71EE09-F2D6-4981-A962-14DAC49A9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*",
"matchCriteriaId": "4709685D-CCF0-4444-99B8-4DC6E3D53A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*",
"matchCriteriaId": "13599F95-25B2-4C21-8174-DA966A49249B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*",
"matchCriteriaId": "D2CB6693-492A-4607-9D9C-15C746E12864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*",
"matchCriteriaId": "35238419-A73A-4333-9F3D-481FAA1D167C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*",
"matchCriteriaId": "BD7FEAF1-A4A5-480C-8BA4-0217E6CE63C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*",
"matchCriteriaId": "4E0B4F11-A1E8-4D21-9707-8639A3040840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*",
"matchCriteriaId": "AAFE9B07-00B7-4211-ADD8-198B7BD4B93D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*",
"matchCriteriaId": "7F229F49-EA44-4D0A-855B-FC586CE8CFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*",
"matchCriteriaId": "07AED2F0-F527-4B4A-82FC-F571899F3738",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB7B1B9-633E-4866-B236-94888342ACD1",
"versionEndIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5500:*:*:*:*:*:*",
"matchCriteriaId": "1A55E1C9-DCFE-49E7-A9A3-E3A5ECBEE4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5501:*:*:*:*:*:*",
"matchCriteriaId": "E8C30A5E-33C7-4EB3-9FB4-D5AECD9A5C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5502:*:*:*:*:*:*",
"matchCriteriaId": "B7085438-77E4-4B12-A885-F2294CF9B318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5503:*:*:*:*:*:*",
"matchCriteriaId": "7821DCD0-30DB-4520-B174-0E51CB07E12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5:5504:*:*:*:*:*:*",
"matchCriteriaId": "4666EEFD-5F91-4F1D-BB15-736A984ABA27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCCD7A9D-B1BC-4CE8-9E5D-8795674BB1AA",
"versionEndIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4200:*:*:*:*:*:*",
"matchCriteriaId": "14116D8A-9798-4EF2-9652-286D4CBDAADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4201:*:*:*:*:*:*",
"matchCriteriaId": "DAC56F69-9894-4236-9E4E-412403204E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4202:*:*:*:*:*:*",
"matchCriteriaId": "6B180386-1930-4EC2-9AF8-21F375E74BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4203:*:*:*:*:*:*",
"matchCriteriaId": "91787EC1-3053-4784-B985-FC09F368CB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4204:*:*:*:*:*:*",
"matchCriteriaId": "B270FDB7-A2E2-4D77-9E68-17E57ED41B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4205:*:*:*:*:*:*",
"matchCriteriaId": "06621A53-3A32-4691-A02A-417A9DBCB9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4206:*:*:*:*:*:*",
"matchCriteriaId": "E32D414E-ADEB-4FE3-8114-815A744DBF76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4207:*:*:*:*:*:*",
"matchCriteriaId": "E2A124B0-CAC1-4D17-98FF-DF479F404283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4208:*:*:*:*:*:*",
"matchCriteriaId": "BED5824C-9A62-4A9E-A440-3368D709674B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4209:*:*:*:*:*:*",
"matchCriteriaId": "F36F3D07-F9E3-4CF1-8BD3-73F58B18D35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4210:*:*:*:*:*:*",
"matchCriteriaId": "357AB232-A834-4899-950D-53E0690726A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4212:*:*:*:*:*:*",
"matchCriteriaId": "680C0265-E4DF-4275-8B0C-EBD9E7B5B798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4213:*:*:*:*:*:*",
"matchCriteriaId": "27CA1268-5D13-445A-985B-AE8F5494F61C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4214:*:*:*:*:*:*",
"matchCriteriaId": "2112361C-8F57-40E6-B665-FA8D585FA933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4215:*:*:*:*:*:*",
"matchCriteriaId": "A4E777D1-9414-439C-9309-7C89192905A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4216:*:*:*:*:*:*",
"matchCriteriaId": "FDCD0C9A-0287-4BAA-97C1-CCA96212A8A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4217:*:*:*:*:*:*",
"matchCriteriaId": "27D917BB-D64D-4E16-B5E2-485EE127A310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4219:*:*:*:*:*:*",
"matchCriteriaId": "CD0D83CD-3F8B-41A5-8110-2207FC202529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4220:*:*:*:*:*:*",
"matchCriteriaId": "E7569882-9E12-4ED8-9F54-AC1F0C9EC50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4222:*:*:*:*:*:*",
"matchCriteriaId": "F15A754D-A668-42C8-9E37-7A3364BE129B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4223:*:*:*:*:*:*",
"matchCriteriaId": "086FDB61-78D3-4540-B2AC-42DF1D41ABA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4224:*:*:*:*:*:*",
"matchCriteriaId": "6F9285FB-23E4-438E-8081-D0589A8727C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4225:*:*:*:*:*:*",
"matchCriteriaId": "A4E0D81C-36B3-4638-BB0E-18023D13DA97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.2:4227:*:*:*:*:*:*",
"matchCriteriaId": "5B1F3742-3B1A-43DC-8CD7-547A4EB436E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3ADF4BC-41C3-483D-A24F-52F5D8D90E02",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "D88BAE7C-AE20-4B66-8380-93CFF7E716F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "A2EA6313-C2FC-45B5-92E6-4239B4E41E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "B6BAA7AF-E61E-40FB-ADA5-CDC51508A848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "9F96ED00-5DBE-4909-90DF-F4CDB4946ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6010:*:*:*:*:*:*",
"matchCriteriaId": "4CCFDC58-067A-420F-924B-9BFC342411D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6011:*:*:*:*:*:*",
"matchCriteriaId": "3C532BCE-429E-403D-9D44-9E3B8FD35C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6012:*:*:*:*:*:*",
"matchCriteriaId": "7286F2C9-FB52-4524-8293-81B36E9E8534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6013:*:*:*:*:*:*",
"matchCriteriaId": "E70A8EC5-1046-42E8-99DC-D564B66BA987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6020:*:*:*:*:*:*",
"matchCriteriaId": "A6BF11B6-4616-49DC-B7D0-0165691D7ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6021:*:*:*:*:*:*",
"matchCriteriaId": "32FCBB8F-35F2-4A3C-8F04-39AEAAB76BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6030:*:*:*:*:*:*",
"matchCriteriaId": "75F07512-4B8D-492C-A59A-E2E75713241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6031:*:*:*:*:*:*",
"matchCriteriaId": "1750C0CC-B017-44DF-95F2-628125E416FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0:6032:*:*:*:*:*:*",
"matchCriteriaId": "B0D5FC87-6BD7-4056-8879-7BAF28BB69C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19FFF0-464F-4BAA-BD8F-5A8296EAC724",
"versionEndIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "58739BDC-8741-4904-96C4-5E075FF87676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "69C40DE9-1849-437B-8C48-BB5ACD104CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6005:*:*:*:*:*:*",
"matchCriteriaId": "5792AAA4-6E32-48F6-BAF9-91AE9CE468D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6011:*:*:*:*:*:*",
"matchCriteriaId": "BB623771-BA56-4684-85E1-941A5EF0624A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recovermanager_plus:6.0:6016:*:*:*:*:*:*",
"matchCriteriaId": "9CCF0FA4-0326-405B-94F2-513E0FAA6FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "789DE939-8305-4684-B19C-29F5A26E25A6",
"versionEndIncluding": "12.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12130:*:*:*:*:*:*",
"matchCriteriaId": "04E5575C-A204-4A46-ACDB-7A2837B2A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3:12135:*:*:*:*:*:*",
"matchCriteriaId": "22C76170-BE8E-40D7-9AA0-349EBB9DC718",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "350B9823-6421-4817-A9BA-B138918ADEDB",
"versionEndIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6000:*:*:*:*:*:*",
"matchCriteriaId": "053FB8DD-94D7-438A-8802-8ECF8B79FCA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6001:*:*:*:*:*:*",
"matchCriteriaId": "616D32A3-B19A-4C05-BF43-4AEB7573BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6002:*:*:*:*:*:*",
"matchCriteriaId": "28FF33D3-81DE-4849-8EA9-4C396D775892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6003:*:*:*:*:*:*",
"matchCriteriaId": "A6BE7AA0-F201-4F29-BE11-983CAE5BE103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6010:*:*:*:*:*:*",
"matchCriteriaId": "64339FF6-3563-41B2-8B61-A9DF076069C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6030:*:*:*:*:*:*",
"matchCriteriaId": "AD025538-8C73-4648-9C77-25E49FF77A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6031:*:*:*:*:*:*",
"matchCriteriaId": "FB3C81C0-1234-4CAA-8FB1-833FB2EF4872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6032:*:*:*:*:*:*",
"matchCriteriaId": "A5E6D12F-C642-4001-A838-65DDA3F94D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6033:*:*:*:*:*:*",
"matchCriteriaId": "32435B99-81DD-4AEC-ABBF-DEAFAB00CC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6050:*:*:*:*:*:*",
"matchCriteriaId": "37CDC611-B94C-483C-9C4C-5BCFA6CAB7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0:6052:*:*:*:*:*:*",
"matchCriteriaId": "A75E3D4D-5596-4E93-8541-F183AF105231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45EEAE93-0898-4FD8-9A31-FE2D5AAD3E79",
"versionEndIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1312ABF3-93FA-46E7-BF3C-61B1A0E7BA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4301:*:*:*:*:*:*",
"matchCriteriaId": "6912B88D-23D4-4E1E-98B8-60A60314A516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "7392FEE2-8102-4125-8927-4356732ED167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "0A9867BA-BAD0-482E-AC6B-CFDC9BF19AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "B20578E3-8995-4062-9FBF-85B76945B6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "96471B59-E195-4FF4-A36C-C4248F970817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "DAD74918-D60A-427A-B46B-979F3D0870A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "91731443-F449-457A-B8BD-017726596714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "C923DAAE-1C60-4A50-800D-422098A143FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4310:*:*:*:*:*:*",
"matchCriteriaId": "F820E8A0-981A-4C68-AFBF-D263B627F4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4311:*:*:*:*:*:*",
"matchCriteriaId": "84F1A956-19D1-47D3-AEF4-0117A25A1DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4312:*:*:*:*:*:*",
"matchCriteriaId": "2AE25043-4F64-4B5E-8B9F-B0793FE4834F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4316:*:*:*:*:*:*",
"matchCriteriaId": "2D5849AA-9DD2-4836-9F78-0CFB917A8398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4317:*:*:*:*:*:*",
"matchCriteriaId": "777FFDDC-EA8A-45C5-963A-8982C7FA9D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4318:*:*:*:*:*:*",
"matchCriteriaId": "61658169-04C4-45A5-B6F9-31EABDFC7026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4319:*:*:*:*:*:*",
"matchCriteriaId": "0439F4CA-5831-444F-9403-91B08D55CE37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4320:*:*:*:*:*:*",
"matchCriteriaId": "CCE01DB3-1C25-4A0A-86A2-48052A01F21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4321:*:*:*:*:*:*",
"matchCriteriaId": "20CF3B2A-E1DA-472C-9E5B-7729F5A9B72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4322:*:*:*:*:*:*",
"matchCriteriaId": "EF5CADAA-EE4B-45FE-8B31-910EB2F9A457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4324:*:*:*:*:*:*",
"matchCriteriaId": "317936F9-5856-4C05-96B0-06B286002C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4325:*:*:*:*:*:*",
"matchCriteriaId": "7A6A9E35-0AE0-41EC-95BD-6DA045B670C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4327:*:*:*:*:*:*",
"matchCriteriaId": "02E7A3A5-B101-450A-B048-580535ACD150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4328:*:*:*:*:*:*",
"matchCriteriaId": "A7804A96-2937-46EE-BCCE-7C19D3A0BF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4329:*:*:*:*:*:*",
"matchCriteriaId": "92CF2307-5CE0-44C6-BBAB-9974879426D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4330:*:*:*:*:*:*",
"matchCriteriaId": "A8D1D36D-990A-426E-9DA6-8506DA235FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4331:*:*:*:*:*:*",
"matchCriteriaId": "9210E989-CEBE-430A-ABF1-30DFC3B81CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4332:*:*:*:*:*:*",
"matchCriteriaId": "AD45843D-AB8F-4CFF-8EDA-3A1AEB9C3CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4333:*:*:*:*:*:*",
"matchCriteriaId": "81549C4B-1B64-4E4F-91D2-25EA86BB2859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.3:4334:*:*:*:*:*:*",
"matchCriteriaId": "56201D6A-2330-41D0-B38D-9D4A21D6CF20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D116EAD-FC10-4B20-88C1-356C9EE0F8D7",
"versionEndIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF66EAF9-40F8-4C96-B521-58EFEFFEA2C6",
"versionEndIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "4DE6724F-80AA-4B3E-8CF1-1158F6C98AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7010:*:*:*:*:*:*",
"matchCriteriaId": "A4D9B6E0-47A7-48D1-AF6A-A8512475ABD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7011:*:*:*:*:*:*",
"matchCriteriaId": "FFD7E625-FAA2-4452-9E18-5E4A61A93FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7020:*:*:*:*:*:*",
"matchCriteriaId": "8504DAE3-6CD9-4640-9EB1-CB304DB79BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7030:*:*:*:*:*:*",
"matchCriteriaId": "F42110FC-D21E-439E-BB8C-45C03F639CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7040:*:*:*:*:*:*",
"matchCriteriaId": "612E5D11-83D1-4E80-B7A4-57F61690DFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7041:*:*:*:*:*:*",
"matchCriteriaId": "C89C31C7-3196-47CD-9A9D-0761CEEB04E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "821C24DA-1C22-43ED-AD67-E947D323A3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "FAFEF7B6-4B56-42C8-958B-E0B677F5D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "43CEBA06-F115-41E9-8B3E-C004528340A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "E398D48C-AD94-4E84-9E3A-28A8586B3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "3D042A11-638F-4485-A753-ACF2BE92D900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B0E2FA-186D-48D7-89AE-461224CA7242",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "4F222A9E-12E7-45E6-BF7D-61D60FCF1787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5102:*:*:*:*:*:*",
"matchCriteriaId": "E5EBBD07-EB06-407C-8BFE-139A7F37D129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5107:*:*:*:*:*:*",
"matchCriteriaId": "4408F07A-E77E-4F74-B951-E90D0AD0FC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5108:*:*:*:*:*:*",
"matchCriteriaId": "44454167-93A9-4109-A137-0DBF56B870E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "9F95F165-5E41-4F44-A049-1B67F045A3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5111:*:*:*:*:*:*",
"matchCriteriaId": "EF50B0BD-244E-4445-A119-7165829BEA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5120:*:*:*:*:*:*",
"matchCriteriaId": "0A509BA6-9E79-4250-B412-2CCE2EF20031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5150:*:*:*:*:*:*",
"matchCriteriaId": "CA676B42-6E42-4A5C-986E-C06A4F97500A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5154:*:*:*:*:*:*",
"matchCriteriaId": "CA8D9B25-9BB1-427A-8C07-FB40638218E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5155:*:*:*:*:*:*",
"matchCriteriaId": "B1660FC6-4E59-4F1B-ABAB-51E7CD31B3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5160:*:*:*:*:*:*",
"matchCriteriaId": "994FB926-30C1-4399-BE7E-1989375382FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.1:5164:*:*:*:*:*:*",
"matchCriteriaId": "38C88C6C-A399-4B3F-A3DE-8410B68C9C2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Zoho ManageEngine Exchange Reporter Plus antes del n\u00famero de compilaci\u00f3n 5510, AD360 antes del n\u00famero de compilaci\u00f3n 4228, ADSelfService Plus antes del n\u00famero de compilaci\u00f3n 5817, DataSecurity Plus antes del n\u00famero de compilaci\u00f3n 6033, RecoverManager Plus antes del n\u00famero de compilaci\u00f3n 6017, EventLog Analyzer antes del n\u00famero de compilaci\u00f3n 12136, ADAudit Adem\u00e1s, antes del n\u00famero de compilaci\u00f3n 6052, O365 Manager Plus antes del n\u00famero de compilaci\u00f3n 4334, Cloud Security Plus antes del n\u00famero de compilaci\u00f3n 4110, ADManager Plus antes del n\u00famero de compilaci\u00f3n 7055 y Log360 antes del n\u00famero de compilaci\u00f3n 5166. El servlet de Java com.manageengine.ads.fw.servlet.UpdateProductDetails accesible remotamente es propenso a una omisi\u00f3n de autenticaci\u00f3n. Las propiedades de integraci\u00f3n del sistema pueden ser modificadas y conllevar a un compromiso total de la suite de ManageEngine"
}
],
"id": "CVE-2020-24786",
"lastModified": "2024-11-21T05:16:04.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-31T15:15:10.870",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40frycos/another-zoho-manageengine-story-7b472f1515f5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/admanager-plus-fixes-and-enhancements"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-17-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-fix-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-15-5-2020-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/how-to-identify-and-mitigate-the-unauthenticated-product-integration-vulnerability-18-5-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-cloud-security-plus-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/kb/articles/manageengine-log360-security-advisory-regarding-unauthenticated-product-integration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/data-security/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/eventlog/features-new.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}