Zohocorp: >> Manageengine Servicedesk Plus >> 9.3 Security Vulnerabilities
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
CVSS Score
7.5
EPSS Score
0.25
Published
2020-06-12
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
CVSS Score
4.8
EPSS Score
0.019
Published
2020-01-23
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
CVSS Score
6.1
EPSS Score
0.023
Published
2019-06-05
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
CVSS Score
6.1
EPSS Score
0.023
Published
2019-06-05
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
CVSS Score
6.1
EPSS Score
0.023
Published
2019-06-05
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
CVSS Score
6.1
EPSS Score
0.023
Published
2019-06-05
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
CVSS Score
6.1
EPSS Score
0.064
Published
2019-05-21
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
CVSS Score
6.5
EPSS Score
0.087
Published
2019-05-21
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
CVSS Score
4.3
EPSS Score
0.154
Published
2019-04-04
CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
Known exploited
CVSS Score
6.5
EPSS Score
0.879
Published
2019-02-17