Servicedesk Plus

CVEs (4)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-4889	Hig	0.58	8.8	0.04	Apr 14, 2017	ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.
CVE-2016-4890	Med	0.35	5.3	0.03	Apr 14, 2017	ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.
CVE-2016-4888	Med	0.35	5.4	0.02	Apr 14, 2017	Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1479		0.04	—	0.11	Feb 4, 2015	SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.