ManageEngine ServiceDesk Plus MSP < 14.9 Build 14940 Privilege Escalation

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex...

ZOHO多款产品 安全漏洞

ZOHO ManageEngine ServiceDesk Plus and others are products of ZOHO, Inc. ZOHO ManageEngine ServiceDesk Plus is a suite of IT service management software based on the ITIL architecture.ZOHO ManageEngine ZOHO ManageEngine ServiceDesk Plus is a set of IT service management software based on ITIL...

CVE-2024-50053

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

PT-2024-5294 · Zoho · Zoho Manageengine Servicedesk Plus +1

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions below 14730 Zoho ManageEngine ServiceDesk Plus MSP versions below 14720 Zoho ManageEngine SupportCenter Plus versions below 14720 Description: The vulnerability exists in the Custom Actions componen...

The vulnerability of the generateSQLReport() function in software solutions for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus, as well as the ManageEngine AssetExplorer software for managing IT assets, allows attackers to exploit their privileges.

The vulnerability of the generateSQLReport function in software solutions for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus, as well as the ManageEngine AssetExplorer software for IT asset management, is related to deficiencie...

PT-2023-22266 · Zoho · Supportcenter Plus +3

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 14105 ServiceDesk Plus MSP versions prior to 14200 SupportCenter Plus versions prior to 14200 AssetExplorer versions prior to 6989 Description: The issue allows attackers with SDAdmin...

ZOHO ManageEngine ServiceDesk Plus 资源管理错误漏洞

ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL-based architecture of IT service management software. The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management module...

PT-2022-7164 · Manageengine · Manageengine Servicedesk Plus +2

Name of the Vulnerable Software and Affected Versions: ManageEngine ServiceDesk Plus versions 14104 and earlier ManageEngine ServiceDesk Plus MSP versions 14000 and earlier ManageEngine Support Center Plus versions 14000 and earlier ManageEngine Asset Explorer versions 6987 and earlier Descriptio...

The vulnerability of the configuration of software solutions for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus lies in the absence of authentication procedures, which allow attackers to execute arbitrary code.

The vulnerability of the configuration of software solutions for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus lies in the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to execute...

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...

PT-2021-6071

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ServiceDesk Plus versions prior to 11306 Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10530 Zoho ManageEngine SupportCenter Plus versions prior to 11014 Description The issue is related to unauthenticated remote...

CVE-2021-31530

Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure...

ZOHO ManageEngine ServiceDesk Plus 代码问题漏洞

Zoho ManageEngine ServiceDesk Plus MSP is a web-based ITSM suite designed for managed service providers. A server-side request forgery vulnerability exists in versions prior to Zoho ManageEngine ServiceDesk Plus MSP 10521. No detailed vulnerability details are provided at this time...