NotCVE - vendor:"Zohocorp" product:"Manageengine Servicedesk Plus" version:"

Page 2 of 24 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0

CVE-2022-35403

https://notcve.org/view.php?id=CVE-2022-35403

12 Jul 2022 — Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13008, ServiceDesk Plus MSP versiones anteriores a 10606 y SupportCenter Plus versiones anteriores a 11022 están afectados por una vulnerabilidad de divulgación de arch... • https://www.manageengine.com/products/service-desk/cve-2022-35403.html •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-25245

https://notcve.org/view.php?id=CVE-2022-25245

05 Apr 2022 — Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13001, permite a cualquiera conocer el nombre de la moneda por defecto de la organización • https://manageengine.com • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 5%CPEs: 365EXPL: 0

CVE-2021-44526

https://notcve.org/view.php?id=CVE-2021-44526

23 Dec 2021 — Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 12003, permite omitir la autenticación en determinadas configuraciones de administración • https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003 •

CVSS: 9.0EPSS: 64%CPEs: 7EXPL: 1

CVE-2021-20081

https://notcve.org/view.php?id=CVE-2021-20081

10 Jun 2021 — Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. La lista incompleta de entradas no permitidas en ManageEngine ServiceDesk Plus versiones anteriores a 11205 permite a un atacante remoto y autenticado ejecutar comandos arbitrarios con privilegios SYSTEM • https://www.tenable.com/security/research/tra-2021-22 •

CVSS: 6.1EPSS: 35%CPEs: 276EXPL: 1

CVE-2021-20080

https://notcve.org/view.php?id=CVE-2021-20080

09 Apr 2021 — Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. Un saneamiento de salida insuficiente en ManageEngine ServiceDesk Plus versiones anteriores a 11200 y ManageEngine AssetExplorer versiones anteriores a 6800, permite a un atacante remoto no autenticado conducir ataques de tipo cross-sit... • https://www.tenable.com/security/research/tra-2021-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 1

CVE-2020-35682

https://notcve.org/view.php?id=CVE-2020-35682

13 Mar 2021 — Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11134, permite una omisión de autenticación (solo durante el inicio de sesión SAML) • https://github.com/its-arun/CVE-2020-35682 • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 30%CPEs: 269EXPL: 0

CVE-2020-14048

https://notcve.org/view.php?id=CVE-2020-14048

12 Jun 2020 — Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11.1, build 11115, permite a atacantes remotos no autenticados cambiar el estado de instalación de los agentes desplegados • https://gitlab.com/eLeN3Re/CVE-2020-14048 • CWE-306: Missing Authentication for Critical Function •

CVSS: 4.8EPSS: 4%CPEs: 1EXPL: 5

CVE-2020-6843 – ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2020-6843

22 Jan 2020 — Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 permite un ataque de cross-site scripting (XSS). Este problema se solucionó en la versión 11.0 Build 11010, SD-83959. ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability. • https://packetstorm.news/files/id/156050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 8%CPEs: 1EXPL: 2

CVE-2019-12252 – Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions

https://notcve.org/view.php?id=CVE-2019-12252

21 May 2019 — In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. En Zoho ManageEngine ServiceDesk Plus hasta la versión 10.5, los usuarios con menos privilegios (guest) pueden ver una publicación arbitraria agregando su número al SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. Zoho ManageEngine ServiceDesk Plus... • https://packetstorm.news/files/id/153029 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-9362

https://notcve.org/view.php?id=CVE-2017-9362

25 Mar 2019 — ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. ManageEngine ServiceDesk Plus en sus versiones anteriores a la 9312 contiene una inyección XML en los ítems de adición de configuración de la API CMDB. • https://labs.integrity.pt/advisories/cve-2017-9362 • CWE-611: Improper Restriction of XML External Entity Reference •

1 2 3