Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus MSP > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2023-22964 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.6/13.0 Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. | 9.1 |
| 2023-01-18 | CVE-2022-47966 | Unspecified vulnerability in Zohocorp products Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. | 9.8 |
| 2021-12-20 | CVE-2021-44675 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5 Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | 9.8 |
| 2021-11-29 | CVE-2021-44077 | Missing Authentication for Critical Function vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. | 9.8 |
| 2021-06-29 | CVE-2021-31531 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5 Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). | 9.8 |