Latest zoho manageengine servicedesk plus (sdp) / supportcenter plus Vulnerabilities

CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<14.5
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.5-14500
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.5-14501
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.5-14502
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.5-14503
CVE-2023-6105
ManageEngine Information Disclosure in Multiple Products
Zoho ManageEngine<5.3
Zohocorp Manageengine Appcreator<2.0.0
Zohocorp Manageengine Application Control Plus<11.2.2328.01
Zohocorp Manageengine Browser Security Plus<11.2.2328.01
Zoho ManageEngine<11.2.2328.01
Zohocorp Manageengine Endpoint Central<11.2.2322.01
and 782 more
CVE-2023-35785
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4...
Zohocorp Manageengine Ad360<4.3
Zohocorp Manageengine Ad360=4.3-4300
Zohocorp Manageengine Ad360=4.3-4302
Zohocorp Manageengine Ad360=4.3-4303
Zohocorp Manageengine Ad360=4.3-4304
Zohocorp Manageengine Ad360=4.3-4305
and 229 more
CVE-2023-34197
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unpr...
Zohocorp Manageengine Servicedesk Plus<14.2
Zohocorp Manageengine Servicedesk Plus=14.2-14200
Zohocorp Manageengine Servicedesk Plus=14.2-14201
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<14.2
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.2-14200
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.2-14201
and 4 more
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a ...
Zohocorp Manageengine Assetexplorer=6.9-6980
Zohocorp Manageengine Assetexplorer=6.9-6981
Zohocorp Manageengine Assetexplorer=6.9-6982
Zohocorp Manageengine Assetexplorer=6.9-6983
Zohocorp Manageengine Assetexplorer=6.9-6984
Zohocorp Manageengine Assetexplorer=6.9-6985
and 16 more
CVE-2023-26601
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
Zohocorp Manageengine Assetexplorer<6.9
Zohocorp Manageengine Assetexplorer=6.9
Zohocorp Manageengine Assetexplorer=6.9-6900
Zohocorp Manageengine Assetexplorer=6.9-6901
Zohocorp Manageengine Assetexplorer=6.9-6902
Zohocorp Manageengine Assetexplorer=6.9-6903
and 42 more
CVE-2023-26600
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
Zohocorp Manageengine Assetexplorer<6.9
Zohocorp Manageengine Assetexplorer=6.9
Zohocorp Manageengine Assetexplorer=6.9-6900
Zohocorp Manageengine Assetexplorer=6.9-6901
Zohocorp Manageengine Assetexplorer=6.9-6902
Zohocorp Manageengine Assetexplorer=6.9-6903
and 74 more
CVE-2023-22964
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10600
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10601
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10602
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10603
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10604
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10605
and 9 more
CVE-2022-47966
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Access Manager Plus=4.3-build4303
Zohocorp Manageengine Access Manager Plus=4.3-build4304
and 153 more
CVE-2022-40771
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
Zohocorp Manageengine Servicedesk Plus<14.0
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<13.0
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=13.0
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=13.0-13000
and 58 more
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
Zohocorp Manageengine Servicedesk Plus<14.0
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10600
and 65 more
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Zohocorp Manageengine Servicedesk Plus<13.0
Zohocorp Manageengine Servicedesk Plus=13.0-13000
Zohocorp Manageengine Servicedesk Plus=13.0-13001
Zohocorp Manageengine Servicedesk Plus=13.0-13002
Zohocorp Manageengine Servicedesk Plus=13.0-13003
Zohocorp Manageengine Servicedesk Plus=13.0-13004
and 45 more
CVE-2022-40773
ManageEngine ServiceDesk Plus MSP exportMickeyList Improper Input Validation Privilege Escalation Vulnerability
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10600
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10601
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10602
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10603
and 32 more
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticke...
Zohocorp Manageengine Servicedesk Plus<13.0
Zohocorp Manageengine Servicedesk Plus=13.0-13000
Zohocorp Manageengine Servicedesk Plus=13.0-13001
Zohocorp Manageengine Servicedesk Plus=13.0-13002
Zohocorp Manageengine Servicedesk Plus=13.0-13003
Zohocorp Manageengine Servicedesk Plus=13.0-13004
and 59 more
CVE-2022-32551
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10600
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10601
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10602
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10603
CVE-2021-44675
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<=10.5
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10500
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10501
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10502
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10503
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10504
and 29 more
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
Zohocorp Manageengine Servicedesk Plus=11.1-11138
Zohocorp Manageengine Servicedesk Plus=11.1-11139
Zohocorp Manageengine Servicedesk Plus=11.1-11140
Zohocorp Manageengine Servicedesk Plus=11.1-11141
Zohocorp Manageengine Servicedesk Plus=11.1-11142
Zohocorp Manageengine Servicedesk Plus=11.1-11143
and 139 more
CVE-2021-31530
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<10.5
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10500
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10501
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10502
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10503
and 18 more
CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus>=8.0<=9.4
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10500
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10501
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10502
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10503
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.5-10504
and 106 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203