Manageengine Servicedesk Plus

manageengine_servicedesk_plus

Vendor: Zohocorp • 50 CVEs

CVEs (50)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-12538 1Zohocorp 1Manageengine Servicedesk Plus Nov 21, 2024 Jun 5, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
CVE-2019-12252 1Zohocorp 1Manageengine Servicedesk Plus Nov 21, 2024 May 21, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id=...Show more In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.Show less
CVE-2019-12189 1Zohocorp 1Manageengine Servicedesk Plus Nov 21, 2024 May 21, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
CVE-2019-10273 1Zohocorp 1Manageengine Servicedesk Plus Nov 21, 2024 Apr 4, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an a...Show more Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.Show less
CVE-2017-9376 1Zohocorp 1Manageengine Servicedesk Plus Nov 21, 2024 Mar 25, 2019 N/A· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
CVE-2017-9362 1Zohocorp 1Manageengine Servicedesk Plus Nov 21, 2024 Mar 25, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
CVE-2019-8395 1Zohocorp 1Manageengine Servicedesk Plus Nov 21, 2024 Feb 17, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
CVE-2019-8394 1Zohocorp 1Manageengine Servicedesk Plus Nov 7, 2025 Feb 17, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
CVE-2018-7248 1Zohocorp 1Manageengine Servicedesk Plus Nov 21, 2024 May 11, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint...Show more An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.Show less
CVE-2018-5799 1Zohocorp 1Manageengine Servicedesk Plus Nov 21, 2024 Mar 30, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.

Previous 1 23