Manageengine_servicedesk_plus - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Manageengine_servicedesk_plus
(Zohocorp)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	46

Date	Id	Summary	Products	Score	Patch	Annotated
2023-04-26	CVE-2023-29443	Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.	Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus	4.9
2023-03-06	CVE-2023-26600	ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.	Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus	6.5
2023-03-06	CVE-2023-26601	Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).	Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus	7.5
2019-05-21	CVE-2019-12252	In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.	Manageengine_servicedesk_plus	6.5
2023-02-01	CVE-2023-23077	Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.	Manageengine_servicedesk_plus	6.1
2023-02-01	CVE-2023-23078	Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.	Manageengine_servicedesk_plus	6.1
2023-02-01	CVE-2023-23073	Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.	Manageengine_servicedesk_plus	6.1
2023-02-01	CVE-2023-23074	Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.	Manageengine_servicedesk_plus	6.1
2022-11-23	CVE-2022-40771	Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.	Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus	4.9
2022-11-23	CVE-2022-40770	Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.	Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus	7.2