Zohocorp Manageengine_servicedesk_plus
50 CVEs affecting Zohocorp Manageengine_servicedesk_plus. Latest disclosed: 2025-03-21. Critical: 5, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-47966 | Critical | 9.8 | 2023-01-18 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka… |
CVE-2021-44526 | Critical | 9.8 | 2021-12-23 | Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. |
CVE-2021-44077 | Critical | 9.8 | 2021-11-29 | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remot… |
CVE-2021-37415 | Critical | 9.8 | 2021-09-01 | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. |
CVE-2019-8395 | Critical | 9.8 | 2019-02-17 | An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a requ… |
CVE-2020-35682 | High | 8.8 | 2021-03-13 | Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). |
CVE-2017-9362 | High | 8.8 | 2019-03-25 | ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. |
CVE-2024-38869 | High | 8.3 | 2024-08-23 | Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Cen… |
CVE-2023-35785 | High | 8.1 | 2023-08-28 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7… |
CVE-2019-12133 | High | 7.8 | 2019-06-18 | Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub… |
CVE-2023-26601 | High | 7.5 | 2023-03-06 | Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow De… |
CVE-2022-35403 | High | 7.5 | 2022-07-12 | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated loca… |
CVE-2021-31160 | High | 7.5 | 2021-06-29 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. |
CVE-2020-14048 | High | 7.5 | 2020-06-12 | Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. |
CVE-2019-15046 | High | 7.5 | 2019-08-14 | Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-7998… |
CVE-2022-40770 | High | 7.2 | 2022-11-23 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. |
CVE-2021-20081 | High | 7.2 | 2021-06-10 | Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary command… |
CVE-2023-26600 | Medium | 6.5 | 2023-03-06 | ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privi… |
CVE-2022-40772 | Medium | 6.5 | 2022-11-23 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report mod… |
CVE-2020-13154 | Medium | 6.5 | 2020-05-18 | Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectio… |