Aug 23, 2024 - 3:15 p.m.

CVE-2024-41150

2024-08-23 15:15:16
CWE-79
ManageEngine
web.nvd.nist.gov
stored xss
cve-2024-41150
zohocorp manageengine
servicedesk plus
msp
supportcenter plus
security vulnerability

CVSS3: 6.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

EPSS: 0.002
Percentile: 51.9%

A stored cross-site scripting vulnerability in the request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.

Affected configurations

Nvd

Node

zohocorp manageengine_servicedesk_plus, Range ≤ 14.7
OR
zohocorp manageengine_servicedesk_plus, Match 14.8 14810
OR
zohocorp manageengine_servicedesk_plus_msp, Range ≤ 14.7
OR
zohocorp manageengine_servicedesk_plus_msp, Match 14.8 14800
OR
zohocorp manageengine_supportcenter_plus, Range ≤ 14.7
OR
zohocorp manageengine_supportcenter_plus, Match 14.8 14800

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| zohocorp | manageengine_servicedesk_plus | * | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 14.8 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.8:14810:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus_msp | * | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus_msp | 14.8 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.8:14800:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | * | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 14.8 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.8:14800:*:*:*:*:*:* |

CNA Affected

[
  {
    "collectionURL": "https://www.manageengine.com/products/service-desk/",
    "defaultStatus": "unaffected",
    "product": "ServiceDesk Plus",
    "vendor": "ManageEngine",
    "versions": [
      {
        "lessThanOrEqual": "14810",
        "status": "affected",
        "version": "0",
        "versionType": "14810"
      }
    ]
  },
  {
    "collectionURL": "https://www.manageengine.com/products/service-desk/",
    "defaultStatus": "unaffected",
    "product": "ServiceDesk Plus MSP",
    "vendor": "ManageEngine",
    "versions": [
      {
        "lessThanOrEqual": "14800",
        "status": "affected",
        "version": "0",
        "versionType": "14810"
      }
    ]
  },
  {
    "collectionURL": "https://www.manageengine.com/products/service-desk/",
    "defaultStatus": "unaffected",
    "product": "SupportCenter Plus",
    "vendor": "ManageEngine",
    "versions": [
      {
        "lessThanOrEqual": "14800",
        "status": "affected",
        "version": "0",
        "versionType": "14810"
      }
    ]
  }
]
