Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  >> Manageengine Servicedesk Plus  Security Vulnerabilities
CVE-2021-46065
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
CVSS Score
4.8
EPSS Score
0.212
Published
2022-01-27
CVE-2021-44526
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
CVSS Score
9.8
EPSS Score
0.055
Published
2021-12-23
CVE-2021-44077
Known exploited
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
CVSS Score
9.8
EPSS Score
0.942
Published
2021-11-29
CVE-2021-37415
Known exploited
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
CVSS Score
9.8
EPSS Score
0.894
Published
2021-09-01
CVE-2021-31160
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
CVSS Score
7.5
EPSS Score
0.1
Published
2021-06-29
CVE-2021-20081
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
CVSS Score
7.2
EPSS Score
0.645
Published
2021-06-10
CVE-2021-20080
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
CVSS Score
6.1
EPSS Score
0.353
Published
2021-04-09
CVE-2020-35682
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
CVSS Score
8.8
EPSS Score
0.003
Published
2021-03-13
CVE-2020-14048
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
CVSS Score
7.5
EPSS Score
0.25
Published
2020-06-12
CVE-2020-13154
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-05-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved