Vulnerabilities
Vulnerable Software
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
CVSS Score: 8.8
EPSS Score: 0.017
Published: 2021-03-13
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
CVSS Score: 7.5
EPSS Score: 0.25
Published: 2020-06-12
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
CVSS Score: 4.8
EPSS Score: 0.019
Published: 2020-01-23
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
CVSS Score: 6.1
EPSS Score: 0.017
Published: 2019-06-05
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
CVSS Score: 6.1
EPSS Score: 0.017
Published: 2019-06-05
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
CVSS Score: 6.1
EPSS Score: 0.017
Published: 2019-06-05
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
CVSS Score: 6.1
EPSS Score: 0.017
Published: 2019-06-05
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
CVSS Score: 6.1
EPSS Score: 0.05
Published: 2019-05-21
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.
CVSS Score: 6.5
EPSS Score: 0.072
Published: 2019-05-21
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw in the way authentication is handled, an attacker is able to log in and verify any active account.
CVSS Score: 4.3
EPSS Score: 0.154
Published: 2019-04-04

