161 matches found
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...
Design/Logic Flaw
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...
PT-2023-22266 · Zoho · Supportcenter Plus +3
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 14105 ServiceDesk Plus MSP versions prior to 14200 SupportCenter Plus versions prior to 14200 AssetExplorer versions prior to 6989 Description: The issue allows attackers with SDAdmin...
ManageEngine SupportCenter Plus < 14.0 Build 14000 Privilege Escalation
The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14000 is running on the remote web server. It is, therefore, affected by the following: - A privilege escalation vulnerability in query reports. This vulnerability allows an attacker to gain access to restricted data in a Postgres...
ManageEngine SupportCenter Plus < 14.0 Build 14001 DoS
The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14001 is running on the remote web server. It is, therefore, affected by a denial of service vulnerability: - A Denial of Service vulnerability in image upload. This vulnerability allows an attacker to exploit the way an API metho...
ZOHO ManageEngine SupportCenter Plus 操作系统命令注入漏洞
ZOHO ManageEngine SupportCenter Plus is a Web-based customer support software from ZOHO, Inc. It is used to allow organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide an exceptional customer experience in the process. A...
Code injection
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list...
CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list...
ZOHO ManageEngine SupportCenter Plus 安全漏洞
ZOHO ManageEngine SupportCenter Plus is a Web-based customer support software from ZOHO, Inc. It is used to enable organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide a superior customer experience in the process. A security...
PT-2022-26654 · Zoho · Zoho Manageengine Supportcenter Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine SupportCenter Plus versions through 11024 Description: The issue allows low-privileged users to view the organization users list. Recommendations: For versions through 11024, update to a version that contains a fix for this...
CVE-2022-42903
Summary: CVE-2022-42903 affects Zoho ManageEngine SupportCenter Plus up to version 11.0 Build 11024. The issue allows low-privileged users to view the organization users list, indicating an access-control exposure. Affected product/versions (per provided documents): Zoho ManageEngine SupportCente...
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...
Privilege escalation
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...
CVE-2022-40773
The CVE-2022-40773 issue affects Zoho ManageEngine ServiceDesk Plus MSP before 10609 and ManageEngine SupportCenter Plus before 11025. It is a privilege-escalation vulnerability in the exportMickeyList function that can allow a user to access sensitive data from the list view export. Root cause p...
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...
CVE-2022-36412
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. An API request may, in effect, be executed with the credentials of a user who authenticated in the past...
CVE-2022-36412
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. An API request may, in effect, be executed with the credentials of a user who authenticated in the past...
Authentication flaw
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. An API request may, in effect, be executed with the credentials of a user who authenticated in the past...