Lucene search
K

161 matches found

NVD
NVD
added 2023/04/26 9:15 p.m.14 views

CVE-2023-29443

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...

4.9CVSS5AI score0.03026EPSS
Exploits0References1
Prion
Prion
added 2023/04/26 9:15 p.m.26 views

Design/Logic Flaw

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...

3.3CVSS5AI score0.03026EPSS
Exploits0References1Affected Software4
Positive Technologies
Positive Technologies
added 2023/04/26 12:0 a.m.6 views

PT-2023-22266 · Zoho · Supportcenter Plus +3

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 14105 ServiceDesk Plus MSP versions prior to 14200 SupportCenter Plus versions prior to 14200 AssetExplorer versions prior to 6989 Description: The issue allows attackers with SDAdmin...

4.9CVSS7.1AI score0.03026EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/17 12:0 a.m.31 views

ManageEngine SupportCenter Plus < 14.0 Build 14000 Privilege Escalation

The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14000 is running on the remote web server. It is, therefore, affected by the following: - A privilege escalation vulnerability in query reports. This vulnerability allows an attacker to gain access to restricted data in a Postgres...

6.5CVSS6.6AI score0.06308EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/17 12:0 a.m.49 views

ManageEngine SupportCenter Plus < 14.0 Build 14001 DoS

The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14001 is running on the remote web server. It is, therefore, affected by a denial of service vulnerability: - A Denial of Service vulnerability in image upload. This vulnerability allows an attacker to exploit the way an API metho...

7.5CVSS7.4AI score0.34065EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.5 views

ZOHO ManageEngine SupportCenter Plus 操作系统命令注入漏洞

ZOHO ManageEngine SupportCenter Plus is a Web-based customer support software from ZOHO, Inc. It is used to allow organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide an exceptional customer experience in the process. A...

9.8CVSS8.4AI score0.7427EPSS
Exploits0References3
Prion
Prion
added 2022/11/17 10:15 p.m.33 views

Code injection

Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list...

1.7CVSS4AI score0.00492EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/17 12:0 a.m.10 views

CVE-2022-42903

Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list...

7AI score0.00492EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/17 12:0 a.m.5 views

ZOHO ManageEngine SupportCenter Plus 安全漏洞

ZOHO ManageEngine SupportCenter Plus is a Web-based customer support software from ZOHO, Inc. It is used to enable organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide a superior customer experience in the process. A security...

3.3CVSS4.9AI score0.00492EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.8 views

PT-2022-26654 · Zoho · Zoho Manageengine Supportcenter Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine SupportCenter Plus versions through 11024 Description: The issue allows low-privileged users to view the organization users list. Recommendations: For versions through 11024, update to a version that contains a fix for this...

3.3CVSS3.9AI score0.00492EPSS
Exploits0References4
CVE
CVE
added 2022/11/17 12:0 a.m.60 views

CVE-2022-42903

Summary: CVE-2022-42903 affects Zoho ManageEngine SupportCenter Plus up to version 11.0 Build 11024. The issue allows low-privileged users to view the organization users list, indicating an access-control exposure. Affected product/versions (per provided documents): Zoho ManageEngine SupportCente...

3.3CVSS4.1AI score0.00492EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/11/12 4:15 a.m.5 views

CVE-2022-40773

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...

8.8CVSS5.8AI score0.04545EPSS
Exploits0References2
NVD
NVD
added 2022/11/12 4:15 a.m.15 views

CVE-2022-40773

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...

8.8CVSS0.04545EPSS
Exploits0References2
Prion
Prion
added 2022/11/12 4:15 a.m.16 views

Privilege escalation

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...

6.5CVSS8.5AI score0.04545EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2022/11/12 12:0 a.m.60 views

CVE-2022-40773

The CVE-2022-40773 issue affects Zoho ManageEngine ServiceDesk Plus MSP before 10609 and ManageEngine SupportCenter Plus before 11025. It is a privilege-escalation vulnerability in the exportMickeyList function that can allow a user to access sensitive data from the list view export. Root cause p...

8.8CVSS8.5AI score0.04545EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2022/11/12 12:0 a.m.10 views

CVE-2022-40773

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...

8.6AI score0.04545EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/12 12:0 a.m.21 views

CVE-2022-40773

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...

8.8AI score0.04545EPSS
Exploits0References2
NVD
NVD
added 2022/07/26 2:15 p.m.26 views

CVE-2022-36412

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. An API request may, in effect, be executed with the credentials of a user who authenticated in the past...

9.8CVSS0.0579EPSS
Exploits0References1
OSV
OSV
added 2022/07/26 2:15 p.m.4 views

CVE-2022-36412

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. An API request may, in effect, be executed with the credentials of a user who authenticated in the past...

9.8CVSS7.3AI score0.0579EPSS
Exploits0References1
Prion
Prion
added 2022/07/26 2:15 p.m.17 views

Authentication flaw

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. An API request may, in effect, be executed with the credentials of a user who authenticated in the past...

7.5CVSS9.2AI score0.0579EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder