Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

zohocorp manageengine supportcenter plus 11.0 vulnerabilities and exploits

(subscribe to this query)

3.5
CVSSv2
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history....
Zohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter Plus
NA
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view....
Zohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus Msp
NA
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users....
Zohocorp Manageengine Servicedesk Plus 13.0Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter Plus
NA
CVE-2022-40771
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure....
Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus 14.0Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Servicedesk Plus Msp 13.0Zohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine Assetexplorer
7.5
CVSSv2
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration....
Zohocorp Manageengine Servicedesk Plus 11.2Zohocorp Manageengine Servicedesk Plus Msp 10.5Zohocorp Manageengine Servicedesk Plus 11.3Zohocorp Manageengine Servicedesk Plus 11.1Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter Plus
5
CVSSv2
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with...
Zohocorp Manageengine Servicedesk Plus 13.0Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine Assetexplorer
NA
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module....
Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus 14.0Zohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine Assetexplorer
5
CVSSv2
CVE-2021-43296
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor....
Zohocorp Manageengine Supportcenter Plus 11.0
4.3
CVSSv2
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module....
Zohocorp Manageengine Supportcenter Plus 11.0
4.3
CVSSv2
CVE-2021-43294
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module....
Zohocorp Manageengine Supportcenter Plus 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
file inclusionCVE-2021-41144CVE-2022-34689CVE-2023-22242CVE-2023-22322XML injectionCVE-2022-39811CVE-2022-31711buffer overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook