6 matches found
ManageEngine ServiceDesk Plus MSP < 10.6 Build 10609 Privilege Escalation
A privilege escalation vulnerability exists in ManageEngine ServiceDesk Plus MSP prior to 10.6 Build 10609. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation...
ManageEngine ServiceDesk Plus < 14.0 Build 14001 Multiple Vulnerabilities
The version of ManageEngine ServiceDesk Plus running on the remote host is prior to 14.0 Build 14001. It is, therefore, affected by multiple vulnerabilities, including the following: - An XML external entity XXE vulnerability due to a flaw in the Analytics Plus integration. Threat actors with adm...
ManageEngine SupportCenter Plus < 11.0 Build 11025 Privilege Escalation
A privilege escalation vulnerability exists in ManageEngine SupportCenter Plus prior to 11.0 Build 11025. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation...
ManageEngine AssetExplorer < 6.9 Build 6981 Privilege Escalation
A privilege escalation vulnerability exists in ManageEngine AssetExplorer prior to 6.9 Build 6981. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation mechanism...
CVE-2022-40772
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module...
CVE-2022-40772
CVE-2022-40772 affects Zoho ManageEngine ServiceDesk Plus versions 13010 and earlier. A validation bypass in the report module allows an attacker to access sensitive data. Public details in the initial and linked records confirm the affected product/version and the data exposure via the report mo...