Filtered by vendor Zohocorp Subscriptions
Filtered by product Manageengine Servicedesk Plus Subscriptions
Total 48 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-10273 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-04 N/A
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
CVE-2019-8394 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-04 N/A
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
CVE-2019-8395 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-04 N/A
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
CVE-2020-35682 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-04 8.8 High
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
CVE-2020-14048 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-04 7.5 High
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
CVE-2020-13154 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-04 6.5 Medium
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
CVE-2020-6843 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-04 4.8 Medium
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
CVE-2021-46065 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-04 4.8 Medium
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
CVE-2021-44526 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-04 9.8 Critical
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
CVE-2021-44077 1 Zohocorp 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus 2024-08-04 9.8 Critical
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
CVE-2021-37415 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-04 9.8 Critical
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
CVE-2021-31160 1 Zohocorp 2 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp 2024-08-03 7.5 High
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
CVE-2021-20080 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-03 6.1 Medium
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
CVE-2021-20081 2 Microsoft, Zohocorp 2 Windows, Manageengine Servicedesk Plus 2024-08-03 7.2 High
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
CVE-2022-40772 1 Zohocorp 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more 2024-08-03 6.5 Medium
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
CVE-2022-40770 1 Zohocorp 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus 2024-08-03 7.2 High
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
CVE-2022-40771 1 Zohocorp 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more 2024-08-03 4.9 Medium
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
CVE-2022-35403 1 Zohocorp 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more 2024-08-03 7.5 High
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
CVE-2022-25245 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-08-03 5.3 Medium
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
CVE-2023-35785 1 Zohocorp 17 Manageengine Ad360, Manageengine Adaudit Plus, Manageengine Admanager Plus and 14 more 2024-08-02 8.1 High
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.