Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2023-07-07 | CVE-2023-34197 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus 8.1/8.2/9.0 Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. | 5.4 |
| 2023-04-26 | CVE-2023-29443 | XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. | 4.9 |
| 2023-03-06 | CVE-2023-26600 | Unspecified vulnerability in Zohocorp products ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | 6.5 |
| 2023-02-01 | CVE-2023-23073 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | 6.1 |
| 2023-02-01 | CVE-2023-23074 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | 6.1 |
| 2023-02-01 | CVE-2023-23077 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 13.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | 6.1 |
| 2023-02-01 | CVE-2023-23078 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | 6.1 |
| 2022-11-23 | CVE-2022-40771 | XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | 4.9 |
| 2022-11-23 | CVE-2022-40772 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | 6.5 |