Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
servicedesk plus vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP prior to 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 10.5
1 Github repository
9.8
CVSSv3
CVE-2021-31531
Zoho ManageEngine ServiceDesk Plus MSP prior to 10521 is vulnerable to Server-Side Request Forgery (SSRF).
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 10.5
5.4
CVSSv3
CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP prior to 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.
Zohocorp Manageengine Servicedesk Plus Msp 14.5
Zohocorp Manageengine Servicedesk Plus Msp
9.1
CVSSv3
CVE-2023-22964
Zoho ManageEngine ServiceDesk Plus MSP prior to 10611, and 13x prior to 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp 13.0
8.8
CVSSv3
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP prior to 10609 and SupportCenter Plus prior to 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
NA
CVE-2011-1510
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) prior to 8012 allows remote malicious users to inject arbitrary web script or HTML via the searchText parameter.
Manageengine Servicedesk Plus
5.4
CVSSv3
CVE-2016-4888
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus prior to 9.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Zohocorp Servicedesk Plus
5.3
CVSSv3
CVE-2016-4890
ZOHO ManageEngine ServiceDesk Plus prior to 9.2 uses an insecure method for generating cookies, which makes it easier for malicious users to obtain sensitive password information by leveraging access to a cookie.
Zohocorp Servicedesk Plus
NA
CVE-2015-1479
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) prior to 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
Zohocorp Servicedesk Plus
1 EDB exploit
NA
CVE-2015-1480
ZOHO ManageEngine ServiceDesk Plus (SDP) prior to 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) re...
Manageengine Servicedesk Plus
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »