What is vulnerability CVE-2019-15083?

Vulnerability CVE-2019-15083 is a cross-site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 10.0 before 10500.

How severe is vulnerability CVE-2019-15083?

Vulnerability CVE-2019-15083 has a severity score of 6.1 (medium).

What is the affected software versions for vulnerability CVE-2019-15083?

The affected software versions for vulnerability CVE-2019-15083 are Zoho ManageEngine ServiceDesk Plus 10.0.0 to 10.0.0-10021.

Are there any fixes or patches available for vulnerability CVE-2019-15083?

Yes, Zoho has released a patch for this vulnerability. It is recommended to update to Zoho ManageEngine ServiceDesk Plus version 10.5.0 or later.

Vulnerability/
CVE-2019-15083

medium

6.1

CWE

14/5/2020

19/5/2020

CVE-2019-15083: XSS

First published: Thu May 14 2020(Updated: )

Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zohocorp Manageengine Servicedesk Plus	=10.0.0
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10000
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10001
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10002
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10003
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10004
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10005
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10006
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10007
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10008
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10009
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10010
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10011
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10012
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10013
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10014
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10015
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10016
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10017
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10018
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10019
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10020
Zohocorp Manageengine Servicedesk Plus	=10.0.0-10021

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is vulnerability CVE-2019-15083?
Vulnerability CVE-2019-15083 is a cross-site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 10.0 before 10500.
How severe is vulnerability CVE-2019-15083?
Vulnerability CVE-2019-15083 has a severity score of 6.1 (medium).
What is the affected software versions for vulnerability CVE-2019-15083?
The affected software versions for vulnerability CVE-2019-15083 are Zoho ManageEngine ServiceDesk Plus 10.0.0 to 10.0.0-10021.
How can an attacker exploit vulnerability CVE-2019-15083?
An attacker with local administrator privileges can inject cross-site scripting (XSS) payloads using the installed program names of the computer as a vector, allowing them to execute malicious code on the Manage Engine ServiceDesk administrator site.
Are there any fixes or patches available for vulnerability CVE-2019-15083?
Yes, Zoho has released a patch for this vulnerability. It is recommended to update to Zoho ManageEngine ServiceDesk Plus version 10.5.0 or later.

collector/nvd-index
agent/severity
agent/references
agent/weakness
agent/author
agent/tags
agent/description
agent/type
agent/event
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
vendor/zohocorp
canonical/zohocorp manageengine servicedesk plus
version/zohocorp manageengine servicedesk plus/10.0.0
version/zohocorp manageengine servicedesk plus/10.0.0-10000
version/zohocorp manageengine servicedesk plus/10.0.0-10001
version/zohocorp manageengine servicedesk plus/10.0.0-10002
version/zohocorp manageengine servicedesk plus/10.0.0-10003
version/zohocorp manageengine servicedesk plus/10.0.0-10004
version/zohocorp manageengine servicedesk plus/10.0.0-10005
version/zohocorp manageengine servicedesk plus/10.0.0-10006
version/zohocorp manageengine servicedesk plus/10.0.0-10007
version/zohocorp manageengine servicedesk plus/10.0.0-10008
version/zohocorp manageengine servicedesk plus/10.0.0-10009
version/zohocorp manageengine servicedesk plus/10.0.0-10010
version/zohocorp manageengine servicedesk plus/10.0.0-10011
version/zohocorp manageengine servicedesk plus/10.0.0-10012
version/zohocorp manageengine servicedesk plus/10.0.0-10013
version/zohocorp manageengine servicedesk plus/10.0.0-10014
version/zohocorp manageengine servicedesk plus/10.0.0-10015
version/zohocorp manageengine servicedesk plus/10.0.0-10016
version/zohocorp manageengine servicedesk plus/10.0.0-10017
version/zohocorp manageengine servicedesk plus/10.0.0-10018
version/zohocorp manageengine servicedesk plus/10.0.0-10019
version/zohocorp manageengine servicedesk plus/10.0.0-10020
version/zohocorp manageengine servicedesk plus/10.0.0-10021

CVE-2019-15083: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is vulnerability CVE-2019-15083?

How severe is vulnerability CVE-2019-15083?

What is the affected software versions for vulnerability CVE-2019-15083?

How can an attacker exploit vulnerability CVE-2019-15083?

Are there any fixes or patches available for vulnerability CVE-2019-15083?

Company

Resources

Contact