Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
supportcenter vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-43294
Zoho ManageEngine SupportCenter Plus prior to 11016 is vulnerable to Reflected XSS in the Products module.
Zohocorp Manageengine Supportcenter Plus 11.0
7.5
CVSSv3
CVE-2021-43296
Zoho ManageEngine SupportCenter Plus prior to 11016 is vulnerable to an SSRF attack in ActionExecutor.
Zohocorp Manageengine Supportcenter Plus 11.0
9.8
CVSSv3
CVE-2023-23076
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
Zohocorp Manageengine Supportcenter Plus 11.0
3.3
CVSSv3
CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
Zohocorp Manageengine Supportcenter Plus 11.0
8.8
CVSSv3
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP prior to 10609 and SupportCenter Plus prior to 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
8.8
CVSSv3
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
Manageengine Servicedesk Plus -
Manageengine Assetexplorer -
Manageengine Supportcenter -
Manageengine It360 -
1 EDB exploit
2 Github repositories
8.8
CVSSv3
CVE-2014-5302
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
Manageengine Servicedesk Plus -
Manageengine Assetexplorer -
Manageengine Supportcenter -
Manageengine It360 -
7.2
CVSSv3
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Zohocorp Manageengine Servicedesk Plus 13.0
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus Msp 10.6
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
5.4
CVSSv3
CVE-2023-34197
Zoho ManageEngine ServiceDesk Plus prior to 14202, ServiceDesk Plus MSP prior to 14300, and SupportCenter Plus prior to 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifi...
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.2
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 14.2
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Supportcenter Plus 14.2
4.9
CVSSv3
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus prior to 14105, ServiceDesk Plus MSP prior to 14200, SupportCenter Plus prior to 14200, and AssetExplorer prior to 6989 allow SDAdmin malicious users to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration...
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Servicedesk Plus 14.1
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus Msp 14.0
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 14.0
Zohocorp Manageengine Supportcenter Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »