← Back

Servicetonic

servicetonic

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Servicetonic
servicetonic
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-28024
1Servicetonic
1Servicetonic
Jun 17, 2026
Nov 8, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password.
CVE-2021-28023
1Servicetonic
1Servicetonic
Jun 17, 2026
Nov 8, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.
CVE-2021-28022
1Servicetonic
1Servicetonic
Jun 17, 2026
Nov 8, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.