VYPR

Servicedesk Plus

by Manageengine

CVEs (32)

  • CVE-2024-50053Mar 21, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

  • CVE-2024-41150Aug 23, 2024
    risk 0.00cvss epss 0.01

    An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus:…

  • CVE-2023-6105Nov 15, 2023
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt…

  • CVE-2023-26600Mar 6, 2023
    risk 0.00cvss epss 0.06

    ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.

  • CVE-2020-35682Mar 13, 2021
    risk 0.00cvss epss 0.07

    Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).

  • CVE-2019-15046Aug 14, 2019
    risk 0.00cvss epss 0.05

    Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

  • CVE-2019-12133Jun 18, 2019
    risk 0.00cvss epss 0.02

    Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current…

  • CVE-2017-9362Mar 25, 2019
    risk 0.00cvss epss 0.04

    ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.

  • CVE-2017-9376Mar 25, 2019
    risk 0.00cvss epss 0.07

    ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.

  • CVE-2011-1510Sep 20, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.

  • CVE-2011-1509Sep 20, 2011
    risk 0.00cvss epss 0.01

    The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2011-2756Jul 17, 2011
    risk 0.00cvss epss 0.02

    FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors.

Page 2 of 2