Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus > 9.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-40772 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | 6.5 |
| 2022-11-23 | CVE-2022-40770 | Command Injection vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. | 7.2 |
| 2022-07-12 | CVE-2022-35403 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. | 7.5 |
| 2022-04-05 | CVE-2022-25245 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | 5.3 |
| 2021-12-23 | CVE-2021-44526 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. | 9.8 |
| 2021-06-10 | CVE-2021-20081 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. | 7.2 |
| 2021-04-09 | CVE-2021-20080 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. | 6.1 |
| 2021-03-13 | CVE-2020-35682 | Incorrect Authorization vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). | 8.8 |
| 2020-06-12 | CVE-2020-14048 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. | 7.5 |
| 2020-01-23 | CVE-2020-6843 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. | 4.8 |