CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25245
https://notcve.org/view.php?id=CVE-2022-25245
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13001, permite a cualquiera conocer el nombre de la moneda por defecto de la organización • https://manageengine.com https://raxis.com/blog/cve-2022-25245 https://www.manageengine.com/products/service-desk/cve-2022-25245.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46065
https://notcve.org/view.php?id=CVE-2021-46065
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. Una vulnerabilidad de tipo Cross-site scripting (XSS) en el Campo Secondary Email en Zoho ManageEngine ServiceDesk Plus versión 11.3 Build 11306, permite a atacantes inyectar código JavaScript arbitrario • https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md https://www.manageengine.com/products/service-desk/on-premises/readme.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 365EXPL: 0CVE-2021-44526
https://notcve.org/view.php?id=CVE-2021-44526
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 12003, permite omitir la autenticación en determinadas configuraciones de administración • https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003 •
CVSS: 9.8EPSS: 97%CPEs: 72EXPL: 4CVE-2021-44077 – Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecución de código remota no autenticada. Esto está relacionado con las URLs /RestAPI en un servlet, y con ImportTechnicians en la configuración de Struts Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution • https://github.com/horizon3ai/CVE-2021-44077 https://github.com/pizza-power/Golang-CVE-2021-44077-POC http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529& • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 93%CPEs: 65EXPL: 0CVE-2021-37415 – Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-37415
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11302, es vulnerable a una omisión de autenticación que permite algunas URLs REST-API sin autenticación Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication • https://www.manageengine.com https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302 • CWE-306: Missing Authentication for Critical Function •