Zohocorp: >> Manageengine Servicedesk Plus >> 9.4 Security Vulnerabilities
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
CVSS Score
7.5
EPSS Score
0.25
Published
2020-06-12
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
CVSS Score
4.8
EPSS Score
0.019
Published
2020-01-23
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
CVSS Score
6.5
EPSS Score
0.087
Published
2019-05-21
CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
Known exploited
CVSS Score
6.5
EPSS Score
0.879
Published
2019-02-17
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
CVSS Score
9.8
EPSS Score
0.199
Published
2019-02-17
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
CVSS Score
6.1
EPSS Score
0.006
Published
2018-03-30
Page 3