Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-29 | CVE-2021-44077 | Missing Authentication for Critical Function vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. | 9.8 |
| 2021-09-01 | CVE-2021-37415 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. | 9.8 |
| 2021-06-29 | CVE-2021-31160 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. | 7.5 |
| 2021-06-10 | CVE-2021-20081 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. | 7.2 |
| 2021-04-09 | CVE-2021-20080 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. | 6.1 |
| 2021-03-13 | CVE-2020-35682 | Incorrect Authorization vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). | 8.8 |
| 2020-06-12 | CVE-2020-14048 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. | 7.5 |
| 2020-05-18 | CVE-2020-13154 | Missing Authorization vulnerability in Zohocorp Manageengine Servicedesk Plus 11.1 Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. | 6.5 |
| 2020-05-14 | CVE-2019-15083 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.0.0 Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. | 6.1 |
| 2020-01-23 | CVE-2020-6843 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. | 4.8 |