ManageEngine AssetExplorer vulnerabilities and exploits

9
CVSSv2
CVE-2014-5302

Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code....

9
CVSSv2
CVE-2014-5301

Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4....

ManageEngine, AssetExplorer, IT360, ServiceDesk Plus, SupportCenter

4.3
CVSSv2
CVE-2019-12539

An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189....

Zohocorp, ManageEngine ServiceDesk Plus

4.3
CVSSv2
CVE-2019-12540

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field....

Zohocorp, ManageEngine ServiceDesk Plus

4.3
CVSSv2
CVE-2019-12595

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter....

Zohocorp, ManageEngine AssetExplorer

4.3
CVSSv2
CVE-2019-12596

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType....

Zohocorp, ManageEngine AssetExplorer

4.3
CVSSv2
CVE-2019-12597

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName....

Zohocorp, ManageEngine AssetExplorer

4.3
CVSSv2
CVE-2019-12537

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field....

Zohocorp, ManageEngine AssetExplorer

6.5
CVSSv2
CVE-2019-12994

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL....

6.5
CVSSv2
CVE-2019-12959

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter....