Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2020-6843 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS.
network
low complexity
zohocorp CWE-79
4.8
4.8
2019-08-21 CVE-2019-15045 Information Exposure vulnerability in Zohocorp Manageengine Servicedesk Plus
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration.
network
low complexity
zohocorp CWE-200
5.3
5.3
2019-08-14 CVE-2019-15046 Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
network
low complexity
zohocorp CWE-287
7.5
7.5
2019-07-11 CVE-2019-12540 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.5
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-07-11 CVE-2019-12539 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.5
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-06-18 CVE-2019-12133 Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders.
local
low complexity
zohocorp CWE-732
7.8
7.8
2019-06-05 CVE-2019-12543 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-06-05 CVE-2019-12542 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-06-05 CVE-2019-12541 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-06-05 CVE-2019-12538 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.
network
low complexity
zohocorp CWE-79
6.1
6.1