Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Manageengine Servicedesk Plus Security Vulnerabilities - 2020

cve
cve

CVE-2019-15083

Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator s...

6.1CVSS

6.1AI Score

0.024EPSS

2020-05-14 02:15 PM
96
cve
cve

CVE-2020-13154

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.

6.5CVSS

6.3AI Score

0.001EPSS

2020-05-18 10:15 PM
715
cve
cve

CVE-2020-14048

Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.

7.5CVSS

7.6AI Score

0.004EPSS

2020-06-12 02:15 AM
41
cve
cve

CVE-2020-6843

Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.

4.8CVSS

5.1AI Score

0.011EPSS

2020-01-23 03:15 PM
39