Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

zohocorp manageengine supportcenter plus vulnerabilities and exploits

(subscribe to this query)

5.4
CVE-2023-38331
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module....
Zohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter Plus 14.0Zohocorp Manageengine Supportcenter Plus 8.0Zohocorp Manageengine Supportcenter Plus 8.1
7.2
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users....
Zohocorp Manageengine Servicedesk Plus 13.0Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter Plus
5.4
CVSSv3
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history....
Zohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter Plus
8.8
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view....
Zohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus Msp
6.5
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module....
Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus 14.0Zohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine Assetexplorer
4.9
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint....
Zohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine Servicedesk Plus 14.1Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus Msp 14.0Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 14.0Zohocorp Manageengine Supportcenter Plus
5.4
CVE-2023-34197
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make...
Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus 14.2Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Servicedesk Plus Msp 14.2Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Supportcenter Plus 14.2
9.8
CVSSv3
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration....
Zohocorp Manageengine Servicedesk Plus 11.2Zohocorp Manageengine Servicedesk Plus Msp 10.5Zohocorp Manageengine Servicedesk Plus 11.3Zohocorp Manageengine Servicedesk Plus 11.1Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0
7.5
CVSSv3
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with...
Zohocorp Manageengine Servicedesk Plus 13.0Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine Assetexplorer
7.5
CVE-2023-26601
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS)....
Zohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine AssetexplorerZohocorp Manageengine Servicedesk Plus 14.1Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus Msp 14.0Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 14.0Zohocorp Manageengine Supportcenter Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
local file inclusionCVE-2023-46773CVE-2023-49376CVE-2023-49377hard-codedCVE-2023-49241local usersCVE-2023-23397CVE-2023-26360
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook