Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  >> Manageengine Servicedesk Plus  >> 11.1  Security Vulnerabilities
CVE-2022-40771
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
CVSS Score
4.9
EPSS Score
0.001
Published
2022-11-23
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-11-23
CVE-2022-40770
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
CVSS Score
7.2
EPSS Score
0.801
Published
2022-11-23
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
CVSS Score
7.5
EPSS Score
0.01
Published
2022-07-12
CVE-2022-25245
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
CVSS Score
5.3
EPSS Score
0.009
Published
2022-04-05
CVE-2021-44526
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
CVSS Score
9.8
EPSS Score
0.055
Published
2021-12-23
CVE-2021-44077
Known exploited
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
CVSS Score
9.8
EPSS Score
0.943
Published
2021-11-29
CVE-2021-37415
Known exploited
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
CVSS Score
9.8
EPSS Score
0.894
Published
2021-09-01
CVE-2021-20081
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
CVSS Score
7.2
EPSS Score
0.64
Published
2021-06-10
CVE-2021-20080
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
CVSS Score
6.1
EPSS Score
0.353
Published
2021-04-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved