Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_supportcenter_plus
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-26 | CVE-2023-29443 | Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. | Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 4.9 | ||
| 2021-11-30 | CVE-2021-43294 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. | Manageengine_supportcenter_plus | 6.1 | ||
| 2021-11-30 | CVE-2021-43295 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. | Manageengine_supportcenter_plus | 6.1 | ||
| 2021-11-30 | CVE-2021-43296 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | Manageengine_supportcenter_plus | 7.5 | ||
| 2022-04-05 | CVE-2022-25373 | Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | Manageengine_supportcenter_plus | 5.4 | ||
| 2022-07-12 | CVE-2022-35403 | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) | Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 7.5 | ||
| 2022-07-26 | CVE-2022-36412 | In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.) | Manageengine_supportcenter_plus | 9.8 | ||
| 2023-02-01 | CVE-2023-23076 | OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | Manageengine_supportcenter_plus | 9.8 | ||
| 2023-03-06 | CVE-2023-26601 | Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 7.5 | ||
| 2023-07-07 | CVE-2023-34197 | Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. | Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 5.4 |