Product:

Manageengine_servicedesk_plus

(Zohocorp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 49
Date Id Summary Products Score Patch Annotated
2023-11-15 CVE-2023-6105 An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. Manageengine_access_manager_plus, Manageengine_adaudit_plus, Manageengine_admanager_plus, Manageengine_adselfservice_plus, Manageengine_analytics_plus, Manageengine_appcreator, Manageengine_application_control_plus, Manageengine_assetexplorer, Manageengine_browser_security_plus, Manageengine_cloud_security_plus, Manageengine_datasecurity_plus, Manageengine_device_control_plus, Manageengine_endpoint_central, Manageengine_endpoint_central_msp, Manageengine_endpoint_dlp_plus, Manageengine_exchange_reporter_plus, Manageengine_firewall_analyzer, Manageengine_log360_ueba, Manageengine_m365_manager_plus, Manageengine_m365_security_plus, Manageengine_mobile_device_manager_plus, Manageengine_netflow_analyzer, Manageengine_network_configuration_manager, Manageengine_opmanager, Manageengine_oputils, Manageengine_os_deployer, Manageengine_pam360, Manageengine_password_manager_pro, Manageengine_patch_connect_plus, Manageengine_patch_manager_plus, Manageengine_recoverymanager_plus, Manageengine_remote_access_plus, Manageengine_remote_monitoring_and_management, Manageengine_secure_gateway_server, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_sharepoint_manager_plus, Manageengine_supportcenter_plus, Manageengine_vulnerability_manager_plus 5.5
2021-09-01 CVE-2021-37415 Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Manageengine_servicedesk_plus 9.8
2023-04-26 CVE-2023-29443 Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 4.9
2020-01-23 CVE-2020-6843 Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. Manageengine_servicedesk_plus 4.8
2020-05-18 CVE-2020-13154 Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. Manageengine_servicedesk_plus 6.5
2020-06-12 CVE-2020-14048 Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. Manageengine_servicedesk_plus 7.5
2021-03-13 CVE-2020-35682 Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). Manageengine_servicedesk_plus 8.8
2021-04-09 CVE-2021-20080 Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. Manageengine_servicedesk_plus 6.1
2021-06-10 CVE-2021-20081 Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. Manageengine_servicedesk_plus 7.2
2021-12-23 CVE-2021-44526 Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. Manageengine_servicedesk_plus 9.8