ManageEngine AssetExplorer vulnerabilities and exploits

CVSSv2: 9
CVE-2014-5302

Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code....

CVSSv2: 9
CVE-2014-5301

Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4....

Manageengine | Assetexplorer | It360 | Servicedesk Plus | Supportcenter

CVSSv2: 4.3
CVE-2019-12595

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter....

Zohocorp | Manageengine Assetexplorer

CVSSv2: 4.3
CVE-2019-12537

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field....

Zohocorp | Manageengine Assetexplorer

CVSSv2: 4.3
CVE-2019-12597

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName....

Zohocorp | Manageengine Assetexplorer

CVSSv2: 6.5
CVE-2019-12994

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL....

CVSSv2: 6.5
CVE-2019-12959

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter....

CVSSv2: 4.3
CVE-2019-12596

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType....

Zohocorp | Manageengine Assetexplorer

CVSSv2: 4.3
CVE-2018-17596

In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter....

CVSSv2: 5.5
CVE-2019-14693

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources....