Kalimer0X00

**Name of the Vulnerable Software and Affected Versions** Microsoft Configuration Manager (affected versions not specified) **Description** The vulnerability in Microsoft Configuration Manager stems from improper neutralization of special elements used in SQL commands, leading to a potential SQL injection issue. Exploitation could allow an authorized attacker to execute code on an adjacent network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Desktop Central versions prior to 10.0.483 **Description** The issue allows unauthenticated users to access the `PDFGenerationServlet`, leading to sensitive information disclosure. **Recommendations** For versions prior to 10.0.483, update to version 10.0.483 or later to resolve the issue. As a temporary workaround, consider restricting access to the `PDFGenerationServlet` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Desktop Central versions prior to 07-Mar-2020 update **Description** A vulnerability allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. This issue can be exploited to access sensitive information or forge requests to internal servers. **Recommendations** For versions prior to the 07-Mar-2020 update, update to a version released after 07-Mar-2020 to resolve the issue. As a temporary workaround, consider restricting access to XML requests or disabling the XML parsing functionality until a patch is available.