Latest zohocorp manageengine supportcenter plus Vulnerabilities

CVE-2023-6105
ManageEngine Information Disclosure in Multiple Products
Zoho ManageEngine<5.3
Zohocorp Manageengine Appcreator<2.0.0
Zohocorp Manageengine Application Control Plus<11.2.2328.01
Zohocorp Manageengine Browser Security Plus<11.2.2328.01
Zoho ManageEngine<11.2.2328.01
Zohocorp Manageengine Endpoint Central<11.2.2322.01
and 782 more
CVE-2023-35785
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4...
Zohocorp Manageengine Ad360<4.3
Zohocorp Manageengine Ad360=4.3-4300
Zohocorp Manageengine Ad360=4.3-4302
Zohocorp Manageengine Ad360=4.3-4303
Zohocorp Manageengine Ad360=4.3-4304
Zohocorp Manageengine Ad360=4.3-4305
and 229 more
CVE-2023-38331
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
Zohocorp Manageengine Supportcenter Plus=8.0-8015
Zohocorp Manageengine Supportcenter Plus=8.1-8100
Zohocorp Manageengine Supportcenter Plus=8.1-8101
Zohocorp Manageengine Supportcenter Plus=8.1-8102
Zohocorp Manageengine Supportcenter Plus=8.1-8117
Zohocorp Manageengine Supportcenter Plus=8.1-8118
and 8 more
CVE-2023-34197
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unpr...
Zohocorp Manageengine Servicedesk Plus<14.2
Zohocorp Manageengine Servicedesk Plus=14.2-14200
Zohocorp Manageengine Servicedesk Plus=14.2-14201
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<14.2
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.2-14200
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.2-14201
and 4 more
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a ...
Zohocorp Manageengine Assetexplorer=6.9-6980
Zohocorp Manageengine Assetexplorer=6.9-6981
Zohocorp Manageengine Assetexplorer=6.9-6982
Zohocorp Manageengine Assetexplorer=6.9-6983
Zohocorp Manageengine Assetexplorer=6.9-6984
Zohocorp Manageengine Assetexplorer=6.9-6985
and 16 more
CVE-2023-26601
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
Zohocorp Manageengine Assetexplorer<6.9
Zohocorp Manageengine Assetexplorer=6.9
Zohocorp Manageengine Assetexplorer=6.9-6900
Zohocorp Manageengine Assetexplorer=6.9-6901
Zohocorp Manageengine Assetexplorer=6.9-6902
Zohocorp Manageengine Assetexplorer=6.9-6903
and 42 more
CVE-2023-26600
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
Zohocorp Manageengine Assetexplorer<6.9
Zohocorp Manageengine Assetexplorer=6.9
Zohocorp Manageengine Assetexplorer=6.9-6900
Zohocorp Manageengine Assetexplorer=6.9-6901
Zohocorp Manageengine Assetexplorer=6.9-6902
Zohocorp Manageengine Assetexplorer=6.9-6903
and 74 more
CVE-2023-23076
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
Zohocorp Manageengine Supportcenter Plus=11.0
Zohocorp Manageengine Supportcenter Plus=11.0-11001
Zohocorp Manageengine Supportcenter Plus=11.0-11002
Zohocorp Manageengine Supportcenter Plus=11.0-11003
Zohocorp Manageengine Supportcenter Plus=11.0-11004
Zohocorp Manageengine Supportcenter Plus=11.0-11005
and 21 more
CVE-2022-47966
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Access Manager Plus=4.3-build4303
Zohocorp Manageengine Access Manager Plus=4.3-build4304
and 153 more
CVE-2022-40771
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
Zohocorp Manageengine Servicedesk Plus<14.0
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<13.0
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=13.0
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=13.0-13000
and 58 more
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
Zohocorp Manageengine Servicedesk Plus<14.0
Zohocorp Manageengine Servicedesk Plus=14.0
Zohocorp Manageengine Servicedesk Plus=14.0-14000
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10600
and 65 more
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Zohocorp Manageengine Servicedesk Plus<13.0
Zohocorp Manageengine Servicedesk Plus=13.0-13000
Zohocorp Manageengine Servicedesk Plus=13.0-13001
Zohocorp Manageengine Servicedesk Plus=13.0-13002
Zohocorp Manageengine Servicedesk Plus=13.0-13003
Zohocorp Manageengine Servicedesk Plus=13.0-13004
and 45 more
CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
Zohocorp Manageengine Supportcenter Plus=11.0
Zohocorp Manageengine Supportcenter Plus=11.0-11000
Zohocorp Manageengine Supportcenter Plus=11.0-11001
Zohocorp Manageengine Supportcenter Plus=11.0-11002
Zohocorp Manageengine Supportcenter Plus=11.0-11003
Zohocorp Manageengine Supportcenter Plus=11.0-11004
and 19 more
CVE-2022-40773
ManageEngine ServiceDesk Plus MSP exportMickeyList Improper Input Validation Privilege Escalation Vulnerability
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10600
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10601
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10602
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=10.6-10603
and 32 more
CVE-2022-36412
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authentica...
Zohocorp Manageengine Supportcenter Plus=11.0-11020
Zohocorp Manageengine Supportcenter Plus=11.0-11021
Zohocorp Manageengine Supportcenter Plus=11.0-11022
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticke...
Zohocorp Manageengine Servicedesk Plus<13.0
Zohocorp Manageengine Servicedesk Plus=13.0-13000
Zohocorp Manageengine Servicedesk Plus=13.0-13001
Zohocorp Manageengine Servicedesk Plus=13.0-13002
Zohocorp Manageengine Servicedesk Plus=13.0-13003
Zohocorp Manageengine Servicedesk Plus=13.0-13004
and 59 more
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
Zohocorp Manageengine Supportcenter Plus<11.0
Zohocorp Manageengine Supportcenter Plus=11.0
Zohocorp Manageengine Supportcenter Plus=11.0-11000
Zohocorp Manageengine Supportcenter Plus=11.0-11001
Zohocorp Manageengine Supportcenter Plus=11.0-11002
Zohocorp Manageengine Supportcenter Plus=11.0-11003
and 16 more
CVE-2021-43296
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
Zohocorp Manageengine Supportcenter Plus=11.0
Zohocorp Manageengine Supportcenter Plus=11.0-11001
Zohocorp Manageengine Supportcenter Plus=11.0-11002
Zohocorp Manageengine Supportcenter Plus=11.0-11003
Zohocorp Manageengine Supportcenter Plus=11.0-11004
Zohocorp Manageengine Supportcenter Plus=11.0-11005
and 10 more
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
Zohocorp Manageengine Supportcenter Plus=11.0
Zohocorp Manageengine Supportcenter Plus=11.0-11001
Zohocorp Manageengine Supportcenter Plus=11.0-11002
Zohocorp Manageengine Supportcenter Plus=11.0-11003
Zohocorp Manageengine Supportcenter Plus=11.0-11004
Zohocorp Manageengine Supportcenter Plus=11.0-11005
and 10 more
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
Zohocorp Manageengine Servicedesk Plus=11.1-11138
Zohocorp Manageengine Servicedesk Plus=11.1-11139
Zohocorp Manageengine Servicedesk Plus=11.1-11140
Zohocorp Manageengine Servicedesk Plus=11.1-11141
Zohocorp Manageengine Servicedesk Plus=11.1-11142
Zohocorp Manageengine Servicedesk Plus=11.1-11143
and 139 more
CVE-2019-12133
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associat...
Zoho ManageEngine=1.0
Zohocorp Manageengine Browser Security Plus
Zohocorp Manageengine Desktop Central=10.0.380
Zohocorp Manageengine Eventlog Analyzer=12.0.2
Zohocorp Manageengine Firewall=12.0
Zohocorp Manageengine Key Manager Plus=5.6
and 12 more
CVE-2018-16965
In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
Zohocorp Manageengine Supportcenter Plus<8.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203