Product:

Manageengine_servicedesk_plus_msp

(Zohocorp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 23
Date Id Summary Products Score Patch Annotated
2022-07-02 CVE-2022-32551 Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). Manageengine_servicedesk_plus_msp 7.5
2022-07-12 CVE-2022-35403 Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 7.5
2022-11-12 CVE-2022-40773 Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 8.8
2022-11-23 CVE-2022-40770 Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 7.2
2022-11-23 CVE-2022-40772 Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 6.5
2022-11-23 CVE-2022-40771 Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 4.9
2023-01-20 CVE-2023-22964 Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. Manageengine_servicedesk_plus_msp 9.1
2023-03-06 CVE-2023-26601 Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 7.5
2023-07-07 CVE-2023-34197 Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus 5.4
2023-08-28 CVE-2023-35785 Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk... Manageengine_ad360, Manageengine_adaudit_plus, Manageengine_admanager_plus, Manageengine_assetexplorer, Manageengine_cloud_security_plus, Manageengine_datasecurity_plus, Manageengine_eventlog_analyzer, Manageengine_exchange_reporter_plus, Manageengine_log360, Manageengine_log360_ueba, Manageengine_m365_manager_plus, Manageengine_m365_security_plus, Manageengine_recoverymanager_plus, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_sharepoint_manager_plus, Manageengine_supportcenter_plus 8.1