Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine servicedesk plus vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP prior to 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 10.5
1 Github repository
7.5
CVSSv2
CVE-2021-31531
Zoho ManageEngine ServiceDesk Plus MSP prior to 10521 is vulnerable to Server-Side Request Forgery (SSRF).
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 10.5
NA
CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP prior to 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.
Zohocorp Manageengine Servicedesk Plus Msp 14.5
Zohocorp Manageengine Servicedesk Plus Msp
5
CVSSv2
CVE-2022-32551
Zoho ManageEngine ServiceDesk Plus MSP prior to 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
NA
CVE-2023-22964
Zoho ManageEngine ServiceDesk Plus MSP prior to 10611, and 13x prior to 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp 13.0
4
CVSSv2
CVE-2015-1480
ZOHO ManageEngine ServiceDesk Plus (SDP) prior to 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) re...
Manageengine Servicedesk Plus
1 EDB exploit
4.3
CVSSv2
CVE-2011-1510
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) prior to 8012 allows remote malicious users to inject arbitrary web script or HTML via the searchText parameter.
Manageengine Servicedesk Plus
NA
CVE-2023-35785
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and be...
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.3
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.2
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
Zohocorp Manageengine Assetexplorer 7.0
Zohocorp Manageengine Cloud Security Plus 4.1
Zohocorp Manageengine Cloud Security Plus
Zohocorp Manageengine Datasecurity Plus 6.1
Zohocorp Manageengine Datasecurity Plus
Zohocorp Manageengine Eventlog Analyzer 12.3.0
Zohocorp Manageengine Eventlog Analyzer
Zohocorp Manageengine Exchange Reporter Plus 5.7
Zohocorp Manageengine Exchange Reporter Plus
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.3
Zohocorp Manageengine Log360 Ueba 4.0
Zohocorp Manageengine M365 Manager Plus 4.5
Zohocorp Manageengine M365 Manager Plus
9
CVSSv2
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
Manageengine Servicedesk Plus -
Manageengine Assetexplorer -
Manageengine Supportcenter -
Manageengine It360 -
1 EDB exploit
2 Github repositories
9
CVSSv2
CVE-2014-5302
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
Manageengine Servicedesk Plus -
Manageengine Assetexplorer -
Manageengine Supportcenter -
Manageengine It360 -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »