Servicetonic CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-28024	1 Servicetonic	1 Servicetonic	2024-11-21	9.8 Critical
Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password.
CVE-2021-28023	1 Servicetonic	1 Servicetonic	2024-11-21	9.8 Critical
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.
CVE-2021-28022	1 Servicetonic	1 Servicetonic	2024-11-21	7.5 High
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.

Page 1 of 1.