Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2022/12/02 12:0 a.m.19 views

ManageEngine ServiceDesk Plus MSP < 10.6 Build 10609 Privilege Escalation

A privilege escalation vulnerability exists in ManageEngine ServiceDesk Plus MSP prior to 10.6 Build 10609. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation...

6.5CVSS6.5AI score0.0296EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/12/02 12:0 a.m.101 views

ManageEngine ServiceDesk Plus < 14.0 Build 14001 Multiple Vulnerabilities

The version of ManageEngine ServiceDesk Plus running on the remote host is prior to 14.0 Build 14001. It is, therefore, affected by multiple vulnerabilities, including the following: - An XML external entity XXE vulnerability due to a flaw in the Analytics Plus integration. Threat actors with adm...

6.5CVSS5.9AI score0.03456EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/12/02 12:0 a.m.23 views

ManageEngine SupportCenter Plus < 11.0 Build 11025 Privilege Escalation

A privilege escalation vulnerability exists in ManageEngine SupportCenter Plus prior to 11.0 Build 11025. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation...

6.5CVSS6.5AI score0.0296EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/12/02 12:0 a.m.35 views

ManageEngine AssetExplorer < 6.9 Build 6981 Privilege Escalation

A privilege escalation vulnerability exists in ManageEngine AssetExplorer prior to 6.9 Build 6981. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation mechanism...

6.5CVSS6.5AI score0.0296EPSS
Exploits0References3
NVD
NVD
added 2022/11/23 6:15 p.m.22 views

CVE-2022-40772

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module...

6.5CVSS0.0296EPSS
Exploits0References2
CVE
CVE
added 2022/11/23 12:0 a.m.82 views

CVE-2022-40772

CVE-2022-40772 affects Zoho ManageEngine ServiceDesk Plus versions 13010 and earlier. A validation bypass in the report module allows an attacker to access sensitive data. Public details in the initial and linked records confirm the affected product/version and the data exposure via the report mo...

6.5CVSS6.3AI score0.0296EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder