Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_servicedesk_plus_msp
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-27 | CVE-2024-27314 | Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users. | Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | N/A | ||
| 2025-05-22 | CVE-2025-3444 | Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded. | Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | N/A | ||
| 2024-01-18 | CVE-2023-49943 | Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | Manageengine_servicedesk_plus_msp | 5.4 | ||
| 2021-06-29 | CVE-2021-31530 | Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. | Manageengine_servicedesk_plus_msp | 7.5 | ||
| 2021-06-29 | CVE-2021-31160 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. | Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp | 7.5 | ||
| 2021-06-29 | CVE-2021-31531 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). | Manageengine_servicedesk_plus_msp | 9.8 | ||
| 2022-11-12 | CVE-2022-40773 | Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. | Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 8.8 | ||
| 2022-11-23 | CVE-2022-40770 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. | Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 7.2 | ||
| 2022-11-23 | CVE-2022-40771 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 4.9 | ||
| 2022-11-23 | CVE-2022-40772 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 6.5 |