VYPR

Servicedesk Plus

by Zohocorp

CVEs (8)

  • CVE-2016-4889HigApr 14, 2017
    risk 0.57cvss 8.8epss 0.03

    ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.

  • CVE-2016-4890MedApr 14, 2017
    risk 0.35cvss 5.3epss 0.03

    ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.

  • CVE-2016-4888MedApr 14, 2017
    risk 0.35cvss 5.4epss 0.02

    Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-1479Feb 4, 2015
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.

  • CVE-2024-50053Mar 21, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

  • CVE-2024-27314May 27, 2024
    risk 0.00cvss epss 0.02

    Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.

  • CVE-2023-35785Aug 28, 2023
    risk 0.00cvss epss 0.02

    Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and…

  • CVE-2022-35403Jul 12, 2022
    risk 0.00cvss epss 0.07

    Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with…