CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2022-35403
https://notcve.org/view.php?id=CVE-2022-35403
12 Jul 2022 — Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13008, ServiceDesk Plus MSP versiones anteriores a 10606 y SupportCenter Plus versiones anteriores a 11022 están afectados por una vulnerabilidad de divulgación de arch... • https://www.manageengine.com/products/service-desk/cve-2022-35403.html •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25245
https://notcve.org/view.php?id=CVE-2022-25245
05 Apr 2022 — Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13001, permite a cualquiera conocer el nombre de la moneda por defecto de la organización • https://manageengine.com • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 5%CPEs: 365EXPL: 0CVE-2021-44526
https://notcve.org/view.php?id=CVE-2021-44526
23 Dec 2021 — Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 12003, permite omitir la autenticación en determinadas configuraciones de administración • https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003 •
CVSS: 9.8EPSS: 4%CPEs: 35EXPL: 0CVE-2021-44675
https://notcve.org/view.php?id=CVE-2021-44675
20 Dec 2021 — Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10.5 Build 10534, es vulnerable a una ejecución de código remota sin autenticación debido a una omisión de filtro en la que no es requerida autenticación • https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerabilities-in-servicedesk-plus-msp-that-could-lead-to-remote-code-execution • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 94%CPEs: 72EXPL: 4CVE-2021-44077 – Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44077
29 Nov 2021 — Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecución de código remota no autenticada. Esto ... • https://packetstorm.news/files/id/165400 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 10%CPEs: 23EXPL: 0CVE-2021-31531
https://notcve.org/view.php?id=CVE-2021-31531
29 Jun 2021 — Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10521, es vulnerable a ataques de tipo Server-Side Request Forgery (SSRF) • https://excellium-services.com/cert-xlm-advisory/cve-2021-31531 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 2%CPEs: 24EXPL: 0CVE-2021-31530
https://notcve.org/view.php?id=CVE-2021-31530
29 Jun 2021 — Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10522, es vulnerable a una Divulgación de Información • https://excellium-services.com/cve-2021-31530 •
CVSS: 7.5EPSS: 18%CPEs: 23EXPL: 0CVE-2021-31160
https://notcve.org/view.php?id=CVE-2021-31160
29 Jun 2021 — Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10521, permite a un atacante acceder a datos internos • https://excellium-services.com/cert-xlm-advisory/cve-2021-31160 •
CVSS: 5.3EPSS: 16%CPEs: 112EXPL: 4CVE-2021-31159 – Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
https://notcve.org/view.php?id=CVE-2021-31159
16 Jun 2021 — Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10519 es vulnerable a un bug de Enumeración de Usuarios debido a la generación inapropiada de mensajes de error en la funcionalidad Forgot Password, también se conoce como SDPMSP-15732 Zoho ManageEngine ServiceDesk Plus version 9.4 suffers from a user enumerati... • https://packetstorm.news/files/id/163192 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.0EPSS: 64%CPEs: 7EXPL: 1CVE-2021-20081
https://notcve.org/view.php?id=CVE-2021-20081
10 Jun 2021 — Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. La lista incompleta de entradas no permitidas en ManageEngine ServiceDesk Plus versiones anteriores a 11205 permite a un atacante remoto y autenticado ejecutar comandos arbitrarios con privilegios SYSTEM • https://www.tenable.com/security/research/tra-2021-22 •