zohocorp manageengine servicedesk plus msp vulnerabilities and exploits

(subscribe to this query)

7.5

CVSSv2

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF)....

Zohocorp Manageengine Servicedesk Plus Msp Zohocorp Manageengine Servicedesk Plus Msp 10.5

NA

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users....

Zohocorp Manageengine Servicedesk Plus 13.0 Zohocorp Manageengine Servicedesk Plus Zohocorp Manageengine Servicedesk Plus Msp 10.6 Zohocorp Manageengine Servicedesk Plus Msp Zohocorp Manageengine Supportcenter Plus 11.0 Zohocorp Manageengine Supportcenter Plus1 Github repository available

NA

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view....

Zohocorp Manageengine Supportcenter Plus 11.0 Zohocorp Manageengine Supportcenter Plus Zohocorp Manageengine Servicedesk Plus Msp 10.6 Zohocorp Manageengine Servicedesk Plus Msp1 Github repository available

NA

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports....

Zohocorp Manageengine Supportcenter Plus 11.0 Zohocorp Manageengine Supportcenter Plus Zohocorp Manageengine Assetexplorer 6.9 Zohocorp Manageengine Assetexplorer Zohocorp Manageengine Servicedesk Plus Msp Zohocorp Manageengine Servicedesk Plus Msp 13.0 Zohocorp Manageengine Servicedesk Plus 14.1 Zohocorp Manageengine Servicedesk Plus

5

CVSSv2

Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure....

Zohocorp Manageengine Servicedesk Plus Msp Zohocorp Manageengine Servicedesk Plus Msp 10.5

7.5

CVSSv2

Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required....

Zohocorp Manageengine Servicedesk Plus Msp 10.5 Zohocorp Manageengine Servicedesk Plus Msp

5

CVSSv2

Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data....

Zohocorp Manageengine Servicedesk Plus 10.5 Zohocorp Manageengine Servicedesk Plus Msp Zohocorp Manageengine Servicedesk Plus Msp 10.5

NA

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module....

Zohocorp Manageengine Servicedesk Plus Zohocorp Manageengine Servicedesk Plus 14.0 Zohocorp Manageengine Servicedesk Plus Msp 10.6 Zohocorp Manageengine Servicedesk Plus Msp Zohocorp Manageengine Supportcenter Plus 11.0 Zohocorp Manageengine Supportcenter Plus Zohocorp Manageengine Assetexplorer 6.9 Zohocorp Manageengine Assetexplorer1 Github repository available

7.5

CVSSv2

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration....

Zohocorp Manageengine Servicedesk Plus 11.2 Zohocorp Manageengine Servicedesk Plus Msp 10.5 Zohocorp Manageengine Servicedesk Plus 11.3 Zohocorp Manageengine Servicedesk Plus 11.1 Zohocorp Manageengine Servicedesk Plus Msp Zohocorp Manageengine Supportcenter Plus 11.0 Zohocorp Manageengine Supportcenter Plus4 Github repositories available6 Articles available

5

CVSSv2

Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml)....

Zohocorp Manageengine Servicedesk Plus Msp 10.6 Zohocorp Manageengine Servicedesk Plus Msp

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook