Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp servicedesk plus vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-20081
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated malicious user to execute arbitrary commands with SYSTEM privileges.
Zohocorp Manageengine Servicedesk Plus 11.2
Zohocorp Manageengine Servicedesk Plus
7.5
CVSSv2
CVE-2021-44675
Zoho ManageEngine ServiceDesk Plus MSP prior to 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
Zohocorp Manageengine Servicedesk Plus Msp 10.5
Zohocorp Manageengine Servicedesk Plus Msp
7.5
CVSSv2
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus prior to 11306, ServiceDesk Plus MSP prior to 10530, and SupportCenter Plus prior to 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
Zohocorp Manageengine Servicedesk Plus 11.2
Zohocorp Manageengine Servicedesk Plus Msp 10.5
Zohocorp Manageengine Servicedesk Plus 11.3
Zohocorp Manageengine Servicedesk Plus 11.1
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 11.0
2 Github repositories
1 Article
7.5
CVSSv2
CVE-2021-37415
Zoho ManageEngine ServiceDesk Plus prior to 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
Zohocorp Manageengine Servicedesk Plus 11.1
Zohocorp Manageengine Servicedesk Plus 11.0
Zohocorp Manageengine Servicedesk Plus 11.2
Zohocorp Manageengine Servicedesk Plus 11.3
7.5
CVSSv2
CVE-2021-31531
Zoho ManageEngine ServiceDesk Plus MSP prior to 10521 is vulnerable to Server-Side Request Forgery (SSRF).
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 10.5
7.5
CVSSv2
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
7.2
CVSSv2
CVE-2019-12133
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current di...
Zohocorp Manageengine Mobile Device Manager Plus 9.0.0
Zohocorp Manageengine Patch Connect Plus 9.0.0
Zohocorp Manageengine Vulnerability Manager Plus 9.0.0
Zohocorp Manageengine Patch Manager Plus 9.0.0
Zohocorp Manageengine Browser Security Plus -
Zohocorp Manageengine Eventlog Analyzer 12.0.2
Zohocorp Manageengine Supportcenter Plus 8.1
Zohocorp Manageengine Opmanager 12.3
Zohocorp Manageengine Oputils 11.0
Zohocorp Manageengine Desktop Central 10.0.380
Zohocorp Manageengine Firewall 12.0
Zohocorp Manageengine Key Manager Plus 5.6
Zohocorp Manageengine Password Manager Pro 9.9
Zohocorp Manageengine Analytics Plus 1.0
Zohocorp Manageengine Servicedesk Plus 10.0.0
Zohocorp Manageengine O365 Manager Plus 4.0
Zohocorp Manageengine Netflow Analyzer 11.0
Zohocorp Manageengine Network Configuration Manager 11.0
6.8
CVSSv2
CVE-2021-44526
Zoho ManageEngine ServiceDesk Plus prior to 12003 allows authentication bypass in certain admin configurations.
Zohocorp Manageengine Servicedesk Plus 10.0.0
Zohocorp Manageengine Servicedesk Plus 11.1
Zohocorp Manageengine Servicedesk Plus 9.1
Zohocorp Manageengine Servicedesk Plus 9.2
Zohocorp Manageengine Servicedesk Plus 9.3
Zohocorp Manageengine Servicedesk Plus 8.2
Zohocorp Manageengine Servicedesk Plus 9.0
Zohocorp Manageengine Servicedesk Plus 9.4
Zohocorp Manageengine Servicedesk Plus 10.5
Zohocorp Manageengine Servicedesk Plus 11.0
Zohocorp Manageengine Servicedesk Plus 8.1
Zohocorp Manageengine Servicedesk Plus 10.0
Zohocorp Manageengine Servicedesk Plus 11.2
Zohocorp Manageengine Servicedesk Plus 11.3
Zohocorp Manageengine Servicedesk Plus 12.0
6.5
CVSSv2
CVE-2020-35682
Zoho ManageEngine ServiceDesk Plus prior to 11134 allows an Authentication Bypass (only during SAML login).
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 11.1
1 Github repository
6.5
CVSSv2
CVE-2019-10008
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect passwor...
Zohocorp Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »