Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_supportcenter_plus
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-26 | CVE-2022-36412 | In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.) | Manageengine_supportcenter_plus | 9.8 | ||
| 2022-11-12 | CVE-2022-40773 | Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. | Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 8.8 | ||
| 2022-11-17 | CVE-2022-42903 | Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. | Manageengine_supportcenter_plus | 3.3 | ||
| 2022-11-23 | CVE-2022-40770 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. | Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 7.2 | ||
| 2022-11-23 | CVE-2022-40772 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 6.5 | ||
| 2022-11-23 | CVE-2022-40771 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 4.9 | ||
| 2023-02-01 | CVE-2023-23076 | OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | Manageengine_supportcenter_plus | 9.8 | ||
| 2023-03-06 | CVE-2023-26601 | Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | Manageengine_assetexplorer, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 7.5 | ||
| 2023-07-07 | CVE-2023-34197 | Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. | Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus | 5.4 | ||
| 2023-07-28 | CVE-2023-38331 | Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module. | Manageengine_supportcenter_plus | 5.4 |