
CVE-2022-35403
https://notcve.org/view.php?id=CVE-2022-35403
12 Jul 2022 — Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) • https://www.manageengine.com/products/service-desk/cve-2022-35403.html •

CVE-2022-25245
https://notcve.org/view.php?id=CVE-2022-25245
05 Apr 2022 — Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. • https://manageengine.com • CWE-306: Missing Authentication for Critical Function •

CVE-2021-44526
https://notcve.org/view.php?id=CVE-2021-44526
23 Dec 2021 — Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. • https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003 •

CVE-2021-20081
https://notcve.org/view.php?id=CVE-2021-20081
10 Jun 2021 — Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. • https://www.tenable.com/security/research/tra-2021-22 •

CVE-2021-20080
https://notcve.org/view.php?id=CVE-2021-20080
09 Apr 2021 — Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. • https://www.tenable.com/security/research/tra-2021-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-35682
https://notcve.org/view.php?id=CVE-2020-35682
13 Mar 2021 — Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). • https://github.com/its-arun/CVE-2020-35682 • CWE-863: Incorrect Authorization •

CVE-2020-14048
https://notcve.org/view.php?id=CVE-2020-14048
12 Jun 2020 — Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. • https://gitlab.com/eLeN3Re/CVE-2020-14048 • CWE-306: Missing Authentication for Critical Function •

CVE-2019-15083 – ManageEngine Service Desk 10.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15083
14 May 2020 — Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server >

CVE-2020-6843 – ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-6843
22 Jan 2020 — Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability. • https://packetstorm.news/files/id/156050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-15045 – Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure
https://notcve.org/view.php?id=CVE-2019-15045
21 Aug 2019 — ** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality. Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. • https://packetstorm.news/files/id/154183 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •