Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown
CVE-2023-22964
Disclosure Date: January 20, 2023 (last updated October 08, 2023)
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
0
Attacker Value
Unknown
CVE-2022-40772
Disclosure Date: November 23, 2022 (last updated October 08, 2023)
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
0
Attacker Value
Unknown
CVE-2022-40770
Disclosure Date: November 23, 2022 (last updated October 08, 2023)
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
0
Attacker Value
Unknown
CVE-2022-40773
Disclosure Date: November 12, 2022 (last updated December 22, 2024)
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
0
Attacker Value
Unknown
CVE-2022-35403
Disclosure Date: July 12, 2022 (last updated October 07, 2023)
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
0
Attacker Value
Unknown
CVE-2022-32551
Disclosure Date: July 02, 2022 (last updated October 07, 2023)
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
0
