CVE-2021-20081
https://notcve.org/view.php?id=CVE-2021-20081
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. • https://www.tenable.com/security/research/tra-2021-22
CVE-2021-20080
https://notcve.org/view.php?id=CVE-2021-20080
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. • https://www.tenable.com/security/research/tra-2021-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-35682
https://notcve.org/view.php?id=CVE-2020-35682
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). • https://github.com/its-arun/CVE-2020-35682 https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134 • CWE-863: Incorrect Authorization
CVE-2020-14048
https://notcve.org/view.php?id=CVE-2020-14048
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. • https://gitlab.com/eLeN3Re/CVE-2020-14048 https://www.manageengine.com/products/service-desk/on-premises/readme.html • CWE-306: Missing Authentication for Critical Function
CVE-2020-13154
https://notcve.org/view.php?id=CVE-2020-13154
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. • https://gitlab.com/eLeN3Re/CVE-2020-13154 https://www.manageengine.com/products/service-desk/on-premises/readme.html • CWE-862: Missing Authorization