CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2022-35403
https://notcve.org/view.php?id=CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13008, ServiceDesk Plus MSP versiones anteriores a 10606 y SupportCenter Plus versiones anteriores a 11022 están afectados por una vulnerabilidad de divulgación de archivos locales sin autenticación por medio del correo electrónico de creación de tickets. (Esto también afecta a Asset Explorer versiones anteriores a 6977 con autenticación) • https://www.manageengine.com/products/service-desk/cve-2022-35403.html •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 1CVE-2022-25373
https://notcve.org/view.php?id=CVE-2022-25373
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11020, permite el almacenamiento de tipo XSS en el historial de peticiones • https://manageengine.com https://pitstop.manageengine.com/portal/en/community/topic/manageengine-supportcenter-plus-version-11-0-build-11020-released https://raxis.com/blog/cve-2022-25373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-43296
https://notcve.org/view.php?id=CVE-2021-43296
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11016, es vulnerable a un ataque de tipo SSRF en ActionExecutor • https://manageengine.com https://www.manageengine.com/products/support-center/readme.html#11016 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2021-43295
https://notcve.org/view.php?id=CVE-2021-43295
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11016, es vulnerable a un ataque de tipo XSS Reflejado en el módulo Accounts • https://manageengine.com https://www.manageengine.com/products/support-center/readme.html#11016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2021-43294
https://notcve.org/view.php?id=CVE-2021-43294
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11016, es vulnerable a un ataque de tipo XSS Reflejado en el módulo Products • https://manageengine.com https://www.manageengine.com/products/support-center/readme.html#11016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •