Total: 46 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-9376 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 5.0 MEDIUM | 6.5 MEDIUM | ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. |
CVE-2019-12539 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189. |
CVE-2019-8395 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. |
CVE-2019-8394 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. |
CVE-2018-5799 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. |
CVE-2018-7248 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the account exists, or 'null' if it does not. |