NotCVE - vendor:"Zohocorp" product:"Manageengine Servicedesk Plus" version:"11.0"

Page 3 of 25 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 37EXPL: 0

CVE-2022-40773 – ManageEngine ServiceDesk Plus MSP exportMickeyList Improper Input Validation Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2022-40773

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. Zoho ManageEngine ServiceDesk Plus MSP anterior a 10609 y SupportCenter Plus anterior a 11025 son vulnerables a la escalada de privilegios. Esto permite a los usuarios obtener datos sensibles durante una exportación de solicitudes exportMickeyList desde la vista de lista. This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. • https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html https://www.zerodayinitiative.com/advisories/ZDI-22-1490 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0

CVE-2022-35403

https://notcve.org/view.php?id=CVE-2022-35403

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13008, ServiceDesk Plus MSP versiones anteriores a 10606 y SupportCenter Plus versiones anteriores a 11022 están afectados por una vulnerabilidad de divulgación de archivos locales sin autenticación por medio del correo electrónico de creación de tickets. (Esto también afecta a Asset Explorer versiones anteriores a 6977 con autenticación) • https://www.manageengine.com/products/service-desk/cve-2022-35403.html •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-25245

https://notcve.org/view.php?id=CVE-2022-25245

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13001, permite a cualquiera conocer el nombre de la moneda por defecto de la organización • https://manageengine.com https://raxis.com/blog/cve-2022-25245 https://www.manageengine.com/products/service-desk/cve-2022-25245.html • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 0%CPEs: 365EXPL: 0

CVE-2021-44526

https://notcve.org/view.php?id=CVE-2021-44526

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 12003, permite omitir la autenticación en determinadas configuraciones de administración • https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003 •

CVSS: 9.8EPSS: 97%CPEs: 72EXPL: 3

CVE-2021-44077 – Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecución de código remota no autenticada. Esto está relacionado con las URLs /RestAPI en un servlet, y con ImportTechnicians en la configuración de Struts Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution • https://github.com/horizon3ai/CVE-2021-44077 https://github.com/pizza-power/Golang-CVE-2021-44077-POC http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529& • CWE-306: Missing Authentication for Critical Function •

1 2 3 4 5