Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

zohocorp manageengine servicedesk plus msp vulnerabilities and exploits

(subscribe to this query)

5.3
CVSSv3
CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732....
Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Servicedesk Plus Msp 10.5
7.5
CVSSv3
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with...
Zohocorp Manageengine Servicedesk Plus 13.0Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine Assetexplorer
4.9
CVE-2022-40771
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure....
Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus 14.0Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Servicedesk Plus Msp 13.0Zohocorp Manageengine Supportcenter Plus 11.0Zohocorp Manageengine Supportcenter PlusZohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine Assetexplorer
7.5
CVE-2023-26601
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS)....
Zohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine AssetexplorerZohocorp Manageengine Servicedesk Plus 14.1Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus Msp 14.0Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Supportcenter Plus 14.0Zohocorp Manageengine Supportcenter Plus
9.1
CVE-2023-22964
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled....
Zohocorp Manageengine Servicedesk Plus Msp 10.6Zohocorp Manageengine Servicedesk Plus Msp 13.0
9.8
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for...
Zohocorp Manageengine Access Manager Plus 4.3Zohocorp Manageengine Access Manager PlusZohocorp Manageengine Ad360Zohocorp Manageengine Ad360 4.3Zohocorp Manageengine Adaudit Plus 7.0Zohocorp Manageengine Adaudit PlusZohocorp Manageengine Admanager Plus 7.1Zohocorp Manageengine Admanager PlusZohocorp Manageengine Adselfservice Plus 6.2Zohocorp Manageengine Adselfservice PlusZohocorp Manageengine Analytics PlusZohocorp Manageengine Analytics Plus 5.1Zohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine AssetexplorerZohocorp Manageengine Key Manager PlusZohocorp Manageengine Key Manager Plus 6.4Zohocorp Manageengine Pam360 5.7Zohocorp Manageengine Pam360Zohocorp Manageengine Password Manager ProZohocorp Manageengine Password Manager Pro 12.1Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus 14.0Zohocorp Manageengine Servicedesk Plus MspZohocorp Manageengine Servicedesk Plus Msp 13.0Zohocorp Manageengine Supportcenter Plus 11.0Zohocorp Application Control PlusZohocorp Manageengine Browser Security PlusZohocorp Manageengine Device Control PlusZohocorp Manageengine Desktop CentralZohocorp Manageengine Endpoint Dlp PlusZohocorp Manageengine Os DeployerZohocorp Manageengine Patch Manager PlusZohocorp Manageengine Remote Access PlusZohocorp Manageengine Vulnerability Manager PlusZohocorp Manageengine Rmm Central
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-25675CVE-2023-21072physicalCVE-2023-28446encryptionCVE-2023-21076server-side request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook