Latest zohocorp manageengine servicedesk plus Vulnerabilities

CVE-2023-6105
ManageEngine Information Disclosure in Multiple Products
Zoho ManageEngine<5.3
Zohocorp Manageengine Appcreator<2.0.0
Zohocorp Manageengine Application Control Plus<11.2.2328.01
Zohocorp Manageengine Browser Security Plus<11.2.2328.01
Zoho ManageEngine<11.2.2328.01
Zohocorp Manageengine Endpoint Central<11.2.2322.01
and 782 more
CVE-2023-35785
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4...
Zohocorp Manageengine Ad360<4.3
Zohocorp Manageengine Ad360=4.3-4300
Zohocorp Manageengine Ad360=4.3-4302
Zohocorp Manageengine Ad360=4.3-4303
Zohocorp Manageengine Ad360=4.3-4304
Zohocorp Manageengine Ad360=4.3-4305
and 229 more
CVE-2023-34197
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unpr...
Zohocorp Manageengine Servicedesk Plus<14.2
Zohocorp Manageengine Servicedesk Plus=14.2-14200
Zohocorp Manageengine Servicedesk Plus=14.2-14201
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<14.2
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.2-14200
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.2-14201
and 4 more
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a ...
Zohocorp Manageengine Assetexplorer=6.9-6980
Zohocorp Manageengine Assetexplorer=6.9-6981
Zohocorp Manageengine Assetexplorer=6.9-6982
Zohocorp Manageengine Assetexplorer=6.9-6983
Zohocorp Manageengine Assetexplorer=6.9-6984
Zohocorp Manageengine Assetexplorer=6.9-6985
and 16 more
CVE-2023-26601
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
Zohocorp Manageengine Assetexplorer<6.9
Zohocorp Manageengine Assetexplorer=6.9
Zohocorp Manageengine Assetexplorer=6.9-6900
Zohocorp Manageengine Assetexplorer=6.9-6901
Zohocorp Manageengine Assetexplorer=6.9-6902
Zohocorp Manageengine Assetexplorer=6.9-6903
and 42 more
CVE-2023-26600
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
Zohocorp Manageengine Assetexplorer<6.9
Zohocorp Manageengine Assetexplorer=6.9
Zohocorp Manageengine Assetexplorer=6.9-6900
Zohocorp Manageengine Assetexplorer=6.9-6901
Zohocorp Manageengine Assetexplorer=6.9-6902
Zohocorp Manageengine Assetexplorer=6.9-6903
and 74 more
CVE-2023-23078
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zohocorp Manageengine Servicedesk Plus=14.0-14001
Zohocorp Manageengine Servicedesk Plus=14.0-14002
Zohocorp Manageengine Servicedesk Plus=14.0-14003
Zohocorp Manageengine Servicedesk Plus=14.0-14004
and 2 more
CVE-2023-23074
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zohocorp Manageengine Servicedesk Plus=14.0-14001
Zohocorp Manageengine Servicedesk Plus=14.0-14002
Zohocorp Manageengine Servicedesk Plus=14.0-14003
Zohocorp Manageengine Servicedesk Plus=14.0-14004
and 2 more
CVE-2023-23073
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zohocorp Manageengine Servicedesk Plus=14.0-14001
Zohocorp Manageengine Servicedesk Plus=14.0-14002
Zohocorp Manageengine Servicedesk Plus=14.0-14003
Zohocorp Manageengine Servicedesk Plus=14.0-14004
and 2 more
CVE-2022-47966
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Access Manager Plus=4.3-build4303
Zohocorp Manageengine Access Manager Plus=4.3-build4304
and 153 more
CVE-2022-40771
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
Zohocorp Manageengine Servicedesk Plus<14.0
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<13.0
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=13.0
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=13.0-13000
and 58 more
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
Zohocorp Manageengine Servicedesk Plus<14.0
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10600
and 65 more
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Zohocorp Manageengine Servicedesk Plus<13.0
Zohocorp Manageengine Servicedesk Plus=13.0-13000
Zohocorp Manageengine Servicedesk Plus=13.0-13001
Zohocorp Manageengine Servicedesk Plus=13.0-13002
Zohocorp Manageengine Servicedesk Plus=13.0-13003
Zohocorp Manageengine Servicedesk Plus=13.0-13004
and 45 more
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticke...
Zohocorp Manageengine Servicedesk Plus<13.0
Zohocorp Manageengine Servicedesk Plus=13.0-13000
Zohocorp Manageengine Servicedesk Plus=13.0-13001
Zohocorp Manageengine Servicedesk Plus=13.0-13002
Zohocorp Manageengine Servicedesk Plus=13.0-13003
Zohocorp Manageengine Servicedesk Plus=13.0-13004
and 59 more
CVE-2022-25245
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
Zohocorp Manageengine Servicedesk Plus<=12.0
Zohocorp Manageengine Servicedesk Plus=13.0-13000
CVE-2021-46065
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
Zohocorp Manageengine Servicedesk Plus=11.3-11306
CVE-2021-44526
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
Zohocorp Manageengine Servicedesk Plus=8.1
Zohocorp Manageengine Servicedesk Plus=8.2
Zohocorp Manageengine Servicedesk Plus=8.2-8201
Zohocorp Manageengine Servicedesk Plus=8.2-8202
Zohocorp Manageengine Servicedesk Plus=8.2-8203
Zohocorp Manageengine Servicedesk Plus=8.2-8204
and 359 more
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
Zohocorp Manageengine Servicedesk Plus=11.1-11138
Zohocorp Manageengine Servicedesk Plus=11.1-11139
Zohocorp Manageengine Servicedesk Plus=11.1-11140
Zohocorp Manageengine Servicedesk Plus=11.1-11141
Zohocorp Manageengine Servicedesk Plus=11.1-11142
Zohocorp Manageengine Servicedesk Plus=11.1-11143
and 139 more
CVE-2021-37415
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
Zohocorp Manageengine Servicedesk Plus=11.0-11005
Zohocorp Manageengine Servicedesk Plus=11.0-11006
Zohocorp Manageengine Servicedesk Plus=11.0-11007
Zohocorp Manageengine Servicedesk Plus=11.0-11008
Zohocorp Manageengine Servicedesk Plus=11.0-11009
Zohocorp Manageengine Servicedesk Plus=11.0-11010
and 60 more
CVE-2021-20081
Zohocorp Manageengine Servicedesk Plus<11.2
Zohocorp Manageengine Servicedesk Plus=11.2
Zohocorp Manageengine Servicedesk Plus=11.2-build11201
Zohocorp Manageengine Servicedesk Plus=11.2-build11202
Zohocorp Manageengine Servicedesk Plus=11.2-build11203
Zohocorp Manageengine Servicedesk Plus=11.2-build11204
and 1 more
CVE-2021-20080
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persisten...
Zohocorp Manageengine Servicedesk Plus=8.1
Zohocorp Manageengine Servicedesk Plus=8.2
Zohocorp Manageengine Servicedesk Plus=8.2-8201
Zohocorp Manageengine Servicedesk Plus=8.2-8202
Zohocorp Manageengine Servicedesk Plus=8.2-8203
Zohocorp Manageengine Servicedesk Plus=8.2-8204
and 270 more
CVE-2020-35682
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
Zohocorp Manageengine Servicedesk Plus<11.1
Zohocorp Manageengine Servicedesk Plus=11.1-11100
Zohocorp Manageengine Servicedesk Plus=11.1-11101
Zohocorp Manageengine Servicedesk Plus=11.1-11102
Zohocorp Manageengine Servicedesk Plus=11.1-11103
Zohocorp Manageengine Servicedesk Plus=11.1-11104
and 29 more
CVE-2020-14048
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
Zohocorp Manageengine Servicedesk Plus=8.2
Zohocorp Manageengine Servicedesk Plus=8.2-8201
Zohocorp Manageengine Servicedesk Plus=8.2-8202
Zohocorp Manageengine Servicedesk Plus=8.2-8203
Zohocorp Manageengine Servicedesk Plus=8.2-8204
Zohocorp Manageengine Servicedesk Plus=8.2-8205
and 263 more
CVE-2020-13154
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
Zohocorp Manageengine Servicedesk Plus=11.1
Zohocorp Manageengine Servicedesk Plus=11.1-11100
Zohocorp Manageengine Servicedesk Plus=11.1-11101
Zohocorp Manageengine Servicedesk Plus=11.1-11102
Zohocorp Manageengine Servicedesk Plus=11.1-11103
Zohocorp Manageengine Servicedesk Plus=11.1-11104
and 7 more
CVE-2019-15083
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as ...
Zohocorp Manageengine Servicedesk Plus=10.0.0
Zohocorp Manageengine Servicedesk Plus=10.0.0-10000
Zohocorp Manageengine Servicedesk Plus=10.0.0-10001
Zohocorp Manageengine Servicedesk Plus=10.0.0-10002
Zohocorp Manageengine Servicedesk Plus=10.0.0-10003
Zohocorp Manageengine Servicedesk Plus=10.0.0-10004
and 17 more
CVE-2020-6843
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
Zohocorp Manageengine Servicedesk Plus<=11.0
CVE-2019-15045
** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality.
Zohocorp Manageengine Servicedesk Plus>=10<10509
>=10<10509
CVE-2019-12539
Zohocorp Manageengine Servicedesk Plus=10.5
CVE-2019-12133
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associat...
Zoho ManageEngine=1.0
Zohocorp Manageengine Browser Security Plus
Zohocorp Manageengine Desktop Central=10.0.380
Zohocorp Manageengine Eventlog Analyzer=12.0.2
Zohocorp Manageengine Firewall=12.0
Zohocorp Manageengine Key Manager Plus=5.6
and 12 more
CVE-2019-12543
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
Zohocorp Manageengine Servicedesk Plus=9.3
CVE-2019-12542
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
Zohocorp Manageengine Servicedesk Plus=9.3
CVE-2019-12541
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
Zohocorp Manageengine Servicedesk Plus=9.3
CVE-2019-12538
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
Zohocorp Manageengine Servicedesk Plus=9.3
CVE-2019-12252
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&not...
Zohocorp Manageengine Servicedesk Plus<=10.5
CVE-2019-12189
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
Zohocorp Manageengine Servicedesk Plus=9.3
CVE-2017-9376
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
Zohocorp Manageengine Servicedesk Plus<9.3
CVE-2017-9362
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
Zohocorp Manageengine Servicedesk Plus<9.3
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus<10.0
CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
Zohocorp Manageengine Servicedesk Plus<10.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203