Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-21 | CVE-2019-15045 | Information Exposure vulnerability in Zohocorp Manageengine Servicedesk Plus AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. | 5.3 |
| 2019-08-14 | CVE-2019-15046 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. | 7.5 |
| 2019-07-11 | CVE-2019-12540 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.5 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. | 6.1 |
| 2019-07-11 | CVE-2019-12539 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.5 An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. | 6.1 |
| 2019-06-18 | CVE-2019-12133 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. | 7.8 |
| 2019-06-05 | CVE-2019-12543 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12542 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12541 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12538 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-05-21 | CVE-2019-12252 | Authorization Bypass Through User-Controlled Key vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. | 6.5 |