Vulnerabilities for 'Manageengine servicedesk plus'

2021-11-29
 
CVE-2021-44077

CWE-287
 

 
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.

 
2021-09-01
 
CVE-2021-37415

CWE-287
 

 
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.

 
2021-06-29
 
CVE-2021-31160

NVD-CWE-noinfo
 

 
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.

 
2021-03-13
 
CVE-2020-35682

CWE-863
 

 
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).

 
2020-06-12
 
CVE-2020-14048

CWE-306
 

 
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.

 
2020-05-18
 
CVE-2020-13154

CWE-522
 

 
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.

 
2020-05-14
 
CVE-2019-15083

CWE-79
 

 
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.

 
2020-01-23
 
CVE-2020-6843

CWE-79
 

 
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.

 
2019-07-11
 
CVE-2019-12540

CWE-79
 

 
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.

 
 
CVE-2019-12539

CWE-79
 

 
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.

 


Copyright 2022, cxsecurity.com

 
