Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
zohocorp manageengine supportcenter plus vulnerabilities and exploits
(subscribe to this query)
8.8
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view....
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
1 Github repository available
5.4
CVSSv3
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history....
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
1 Github repository available
7.2
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users....
Zohocorp Manageengine Servicedesk Plus 13.0
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
1 Github repository available
4.9
CVE-2022-40771
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure....
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.0
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 13.0
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
1 Github repository available
6.5
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module....
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.0
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
1 Github repository available
9.8
CVSSv3
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration....
Zohocorp Manageengine Servicedesk Plus 11.2
Zohocorp Manageengine Servicedesk Plus Msp 10.5
Zohocorp Manageengine Servicedesk Plus 11.3
Zohocorp Manageengine Servicedesk Plus 11.1
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
4 Github repositories available
6 Articles available
7.5
CVSSv3
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with...
Zohocorp Manageengine Servicedesk Plus 13.0
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
NA
CVE-2015-0866
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do....
Zohocorp Manageengine Supportcenter Plus
NA
CVE-2014-100002
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket....
Zohocorp Manageengine Supportcenter Plus
1 EDB exploit available
1 Metasploit module available
7.5
CVSSv3
CVE-2021-43296
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor....
Zohocorp Manageengine Supportcenter Plus 11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-45441
arbitrary
CVE-2022-31254
CVE-2023-0719
CVE-2023-25136
CVE-2023-0744
CVE-2022-0847
unspecified
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »