Zohocorp Manageengine_servicedesk_plus_msp
26 CVEs affecting Zohocorp Manageengine_servicedesk_plus_msp. Latest disclosed: 2025-05-22. Critical: 5, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-47966 | Critical | 9.8 | 2023-01-18 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka… |
| CVE-2021-44675 | Critical | 9.8 | 2021-12-20 | Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentic… |
| CVE-2021-44077 | Critical | 9.8 | 2021-11-29 | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remot… |
| CVE-2021-31531 | Critical | 9.8 | 2021-06-29 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). |
| CVE-2023-22964 | Critical | 9.1 | 2023-01-20 | Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. |
| CVE-2022-40773 | High | 8.8 | 2022-11-12 | Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sen… |
| CVE-2024-38869 | High | 8.3 | 2024-08-23 | Zohocorp ManageEngine Endpoint Central is affected by an incorrect authorization vulnerability in remote office deploy configurations. This issue affects Endpoint Cen… |
| CVE-2023-35785 | High | 8.1 | 2023-08-28 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7… |
| CVE-2023-26601 | High | 7.5 | 2023-03-06 | Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow De… |
| CVE-2022-35403 | High | 7.5 | 2022-07-12 | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated loca… |
| CVE-2022-32551 | High | 7.5 | 2022-07-02 | Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). |
| CVE-2021-31530 | High | 7.5 | 2021-06-29 | Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. |
| CVE-2021-31160 | High | 7.5 | 2021-06-29 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. |
| CVE-2022-40770 | High | 7.2 | 2022-11-23 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. |
| CVE-2025-3444 | Medium | 6.5 | 2025-05-22 | Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin… |
| CVE-2023-26600 | Medium | 6.5 | 2023-03-06 | ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privi… |
| CVE-2022-40772 | Medium | 6.5 | 2022-11-23 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report mod… |
| CVE-2024-50053 | Medium | 6.3 | 2025-03-21 | Zohocorp ManageEngine ServiceDesk Plus versions below 14920, ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in… |
| CVE-2024-41150 | Medium | 6.3 | 2024-08-23 | A Stored Cross-site Scripting vulnerability in the request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This… |
| CVE-2023-6105 | Medium | 5.5 | 2023-11-15 | An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user wit… |