Vulnerabilities > Zohocorp > Servicedesk Plus > 9.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-14 | CVE-2016-4890 | 7PK - Security Features vulnerability in Zohocorp Servicedesk Plus 9.0 ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie. | 5.0 |
2017-04-14 | CVE-2016-4888 | Cross-site Scripting vulnerability in Zohocorp Servicedesk Plus 9.0 Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2015-02-04 | CVE-2015-1479 | SQL Injection vulnerability in Zohocorp Servicedesk Plus 9.0 SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter. | 6.5 |