Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine supportcenter - vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-38331
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus 14.0
Zohocorp Manageengine Supportcenter Plus 8.0
Zohocorp Manageengine Supportcenter Plus 8.1
5.4
CVSSv3
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus prior to 11020 allows Stored XSS in the request history.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
8.8
CVSSv3
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP prior to 10609 and SupportCenter Plus prior to 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
8.8
CVSSv3
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
Manageengine Servicedesk Plus -
Manageengine Assetexplorer -
Manageengine Supportcenter -
Manageengine It360 -
1 EDB exploit
2 Github repositories
8.8
CVSSv3
CVE-2014-5302
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
Manageengine Servicedesk Plus -
Manageengine Assetexplorer -
Manageengine Supportcenter -
Manageengine It360 -
7.2
CVSSv3
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Zohocorp Manageengine Servicedesk Plus 13.0
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
5.4
CVSSv3
CVE-2023-34197
Zoho ManageEngine ServiceDesk Plus prior to 14202, ServiceDesk Plus MSP prior to 14300, and SupportCenter Plus prior to 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifi...
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.2
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 14.2
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Supportcenter Plus 14.2
4.9
CVSSv3
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus prior to 14105, ServiceDesk Plus MSP prior to 14200, SupportCenter Plus prior to 14200, and AssetExplorer prior to 6989 allow SDAdmin malicious users to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration...
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Servicedesk Plus 14.1
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus Msp 14.0
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 14.0
Zohocorp Manageengine Supportcenter Plus
7.5
CVSSv3
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus prior to 13008, ServiceDesk Plus MSP prior to 10606, and SupportCenter Plus prior to 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer prior to 6977 with aut...
Zohocorp Manageengine Servicedesk Plus 13.0
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
6.5
CVSSv3
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.0
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »