VYPR

ManageEngine Service Plus

by Zoho

CVEs (16)

  • CVE-2021-31159 | Jun 16, 2021
    risk 0.05 | cvss | epss 0.24

    Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.

  • CVE-2021-46065 | Jan 27, 2022
    risk 0.02 | cvss | epss 0.20

    A cross-site scripting (XSS) vulnerability in the Secondary Email field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows attackers to inject arbitrary JavaScript code.

  • CVE-2021-37422 | Sep 10, 2021
    risk 0.02 | cvss | epss 0.26

    Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.

  • CVE-2021-37423 | Sep 10, 2021
    risk 0.02 | cvss | epss 0.21

    Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.

  • CVE-2021-33055 | Aug 30, 2021
    risk 0.02 | cvss | epss 0.22

    Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.

  • CVE-2021-37417 | Aug 30, 2021
    risk 0.01 | cvss | epss 0.19

    Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.

  • CVE-2021-37416 | Aug 30, 2021
    risk 0.01 | cvss | epss 0.09

    Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.

  • CVE-2021-27214 | Feb 19, 2021
    risk 0.01 | cvss | epss 0.07

    A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative…

  • CVE-2020-11518 | Apr 4, 2020
    risk 0.01 | cvss | epss 0.10

    Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.

  • CVE-2021-44526 | Dec 23, 2021
    risk 0.00 | cvss | epss 0.04

    Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.

  • CVE-2021-44675 | Dec 20, 2021
    risk 0.00 | cvss | epss 0.03

    Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.

  • CVE-2021-37420 | Sep 21, 2021
    risk 0.00 | cvss | epss 0.01

    Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.

  • CVE-2021-31874 | Jul 2, 2021
    risk 0.00 | cvss | epss 0.01

    Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.

  • CVE-2021-27956 | May 20, 2021
    risk 0.00 | cvss | epss 0.01

    Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.

  • CVE-2020-13154 | May 18, 2020
    risk 0.00 | cvss | epss 0.01

    Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.

  • CVE-2020-6843 | Jan 23, 2020
    risk 0.00 | cvss | epss 0.02

    Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.