Manageengine

Servicedesk Plus

13 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2025-8309

  • EPSS 0.04%
  • Published 20.08.2025 16:53:29
  • Last modified 22.08.2025 18:09:17

There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710...

5.4

CVE-2024-50053

  • EPSS 0.03%
  • Published 21.03.2025 06:01:39
  • Last modified 27.03.2025 13:10:43

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

2.4

CVE-2024-27314

  • EPSS 2.6%
  • Published 27.05.2024 07:15:09
  • Last modified 17.06.2025 20:18:05

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by t...

9

CVE-2014-5301

Exploit
  • EPSS 78.39%
  • Published 28.08.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.

9

CVE-2014-5302

Exploit
  • EPSS 53.88%
  • Published 28.08.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.

4

CVE-2015-1480

Exploit
  • EPSS 18.23%
  • Published 04.02.2015 16:59:09
  • Last modified 12.04.2025 10:46:40

ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/...

4.3

CVE-2012-2585

Exploit
  • EPSS 0.38%
  • Published 12.08.2012 21:55:01
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) ex...

5

CVE-2011-1509

  • EPSS 0.19%
  • Published 20.09.2011 10:55:02
  • Last modified 11.04.2025 00:51:21

The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the n...

4.3

CVE-2011-1510

  • EPSS 0.33%
  • Published 20.09.2011 10:55:02
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.

5

CVE-2011-2755

  • EPSS 3.36%
  • Published 17.07.2011 20:55:01
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.