CVEDB API

ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2017-9362

Zohocorp » Manageengine Servicedesk Plus » Version: N/A

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:-
Zohocorp » Manageengine Servicedesk Plus » Version: 8.1

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.1
Zohocorp » Manageengine Servicedesk Plus » Version: 8.2

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2
Zohocorp » Manageengine Servicedesk Plus » Version: 9.0

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0
Zohocorp » Manageengine Servicedesk Plus » Version: 9.1

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1
Zohocorp » Manageengine Servicedesk Plus » Version: 9.2

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2