Zoho ManageEngine ServiceDesk Plus prior to 14105, ServiceDesk Plus MSP prior to 14200, SupportCenter Plus prior to 14200, and AssetExplorer prior to 6989 allow SDAdmin malicious users to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine assetexplorer 6.9 |
||
zohocorp manageengine servicedesk plus 14.1 |
||
zohocorp manageengine servicedesk plus |
||
zohocorp manageengine servicedesk plus msp 14.0 |
||
zohocorp manageengine servicedesk plus msp |
||
zohocorp manageengine supportcenter plus 14.0 |
||
zohocorp manageengine supportcenter plus |