Vulnerabilities for 'Manageengine servicedesk plus'

2022-07-12
 
CVE-2022-35403

NVD-CWE-noinfo
 

 
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)

 
2022-04-05
 
CVE-2022-25245

CWE-200
 

 
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.

 
2022-01-27
 
CVE-2021-46065

CWE-79
 

 
A cross-site scripting (XSS) vulnerability in the Secondary Email field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows attackers to inject arbitrary JavaScript code.

 
2021-11-29
 
CVE-2021-44077

CWE-287
 

 
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.

 
2021-09-01
 
CVE-2021-37415

CWE-287
 

 
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication.

 
2021-06-29
 
CVE-2021-31160

NVD-CWE-noinfo
 

 
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.

 
2021-03-13
 
CVE-2020-35682

CWE-863
 

 
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).

 
2020-06-12
 
CVE-2020-14048

CWE-306
 

 
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.

 
2020-05-18
 
CVE-2020-13154

CWE-522
 

 
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.

 
2020-05-14
 
CVE-2019-15083

CWE-79
 

 
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the ManageEngine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator views this page.

 


Copyright 2024, cxsecurity.com
