Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Manageengine servicedesk plus'
2022-07-12
CVE-2022-35403
NVD-CWE-noinfo
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
2022-04-05
CVE-2022-25245
CWE-200
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
2022-01-27
CVE-2021-46065
CWE-79
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
2021-11-29
CVE-2021-44077
CWE-287
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
2021-09-01
CVE-2021-37415
CWE-287
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
2021-06-29
CVE-2021-31160
NVD-CWE-noinfo
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
2021-03-13
CVE-2020-35682
CWE-863
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
2020-06-12
CVE-2020-14048
CWE-306
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
2020-05-18
CVE-2020-13154
CWE-522
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
2020-05-14
CVE-2019-15083
CWE-79
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Manageengine servicedesk plus' 