Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

zohocorp manageengine servicedesk plus msp 10.6 vulnerabilities and exploits

(subscribe to this query)
445
VMScore
CVE-2022-32551
Zoho ManageEngine ServiceDesk Plus MSP prior to 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
Zohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus Msp
NA
CVE-2023-22964
Zoho ManageEngine ServiceDesk Plus MSP prior to 10611, and 13x prior to 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
Zohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus Msp 13.0
NA
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Zohocorp Manageengine Servicedesk Plus 13.0Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter Plus
NA
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP prior to 10609 and SupportCenter Plus prior to 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
Zohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus Msp
NA
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus 14.0Zohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine Assetexplorer
445
VMScore
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus prior to 13008, ServiceDesk Plus MSP prior to 10606, and SupportCenter Plus prior to 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer prior to 6977 with aut...
Zohocorp Manageengine Servicedesk Plus 13.0Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine Assetexplorer
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook