NotCVE - vendor:"Zohocorp" product:"Manageengine Servicedesk Plus" version:"11.3"

Page 2 of 19 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0

CVE-2022-35403

https://notcve.org/view.php?id=CVE-2022-35403

12 Jul 2022 — Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13008, ServiceDesk Plus MSP versiones anteriores a 10606 y SupportCenter Plus versiones anteriores a 11022 están afectados por una vulnerabilidad de divulgación de arch... • https://www.manageengine.com/products/service-desk/cve-2022-35403.html •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-25245

https://notcve.org/view.php?id=CVE-2022-25245

05 Apr 2022 — Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13001, permite a cualquiera conocer el nombre de la moneda por defecto de la organización • https://manageengine.com • CWE-306: Missing Authentication for Critical Function •

CVSS: 4.8EPSS: 21%CPEs: 1EXPL: 1

CVE-2021-46065

https://notcve.org/view.php?id=CVE-2021-46065

27 Jan 2022 — A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. Una vulnerabilidad de tipo Cross-site scripting (XSS) en el Campo Secondary Email en Zoho ManageEngine ServiceDesk Plus versión 11.3 Build 11306, permite a atacantes inyectar código JavaScript arbitrario • https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 5%CPEs: 365EXPL: 0

CVE-2021-44526

https://notcve.org/view.php?id=CVE-2021-44526

23 Dec 2021 — Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 12003, permite omitir la autenticación en determinadas configuraciones de administración • https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003 •

CVSS: 9.8EPSS: 94%CPEs: 72EXPL: 4

CVE-2021-44077 – Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-44077

29 Nov 2021 — Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecución de código remota no autenticada. Esto ... • https://packetstorm.news/files/id/165400 • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 86%CPEs: 65EXPL: 0

CVE-2021-37415 – Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2021-37415

01 Sep 2021 — Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11302, es vulnerable a una omisión de autenticación que permite algunas URLs REST-API sin autenticación Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication • https://www.manageengine.com • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 3

CVE-2019-15045 – Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure

https://notcve.org/view.php?id=CVE-2019-15045

21 Aug 2019 — AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality ** EN DISPUTA ** AjaxDomainServlet en Zoho ManageEngine ServiceDesk Plus versión 10 permite la enumeración de usuarios. NOTA: la posición del proveedor es que esta es la funcionalidad prevista. Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. • https://packetstorm.news/files/id/154183 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 4

CVE-2019-15046 – Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure

https://notcve.org/view.php?id=CVE-2019-15046

14 Aug 2019 — Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. Zoho ManageEngine ServiceDesk Plus 10 anteriores a la versión 10509, permite el filtrado de información confidencial no autenticada durante la replicación de Fail Over Service (FOS), también se conoce como SD-79989. Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. • https://packetstorm.news/files/id/154183 • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1

CVE-2018-5799 – ManageEngine Service Desk Plus Cross Site Scripting

https://notcve.org/view.php?id=CVE-2018-5799

28 Mar 2018 — In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. En Zoho ManageEngine ServiceDesk Plus en versiones anteriores a la 9403, un problema Cross-Site Scripting (XSS) permite que un atacante ejecute código JavaScript arbitrario mediante un URI /api/request/?OPERATION_NAME=, también conocido como SD-69139. ManageEngine Service Desk Plus versions prior to 9403 suffer from a cross site scripting vulne... • https://packetstorm.news/files/id/146922 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2