Manageengine_servicedesk_plus - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Manageengine_servicedesk_plus
(Zohocorp)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	48

Date	Id	Summary	Products	Score	Patch	Annotated
2020-01-23	CVE-2020-6843	Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.	Manageengine_servicedesk_plus	4.8
2020-05-18	CVE-2020-13154	Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.	Manageengine_servicedesk_plus	6.5
2020-06-12	CVE-2020-14048	Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.	Manageengine_servicedesk_plus	7.5
2021-03-13	CVE-2020-35682	Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).	Manageengine_servicedesk_plus	8.8
2021-04-09	CVE-2021-20080	Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.	Manageengine_servicedesk_plus	6.1
2021-06-10	CVE-2021-20081	Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.	Manageengine_servicedesk_plus	7.2
2021-06-29	CVE-2021-31160	Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.	Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp	7.5
2021-09-01	CVE-2021-37415	Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.	Manageengine_servicedesk_plus	9.8
2021-11-29	CVE-2021-44077	Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.	Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus	9.8
2021-12-23	CVE-2021-44526	Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.	Manageengine_servicedesk_plus	9.8