Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Manageengine Supportcenter Plus Security Vulnerabilities - 2023

cve
cve

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain secu...

9.8CVSS

9.8AI Score

0.975EPSS

2023-01-18 06:15 PM
703
In Wild
cve
cve

CVE-2023-23076

OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.

9.8CVSS

9.5AI Score

0.001EPSS

2023-02-01 08:15 PM
42
cve
cve

CVE-2023-26600

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.

6.5CVSS

6.6AI Score

0.002EPSS

2023-03-06 08:15 PM
46
cve
cve

CVE-2023-26601

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).

7.5CVSS

7.4AI Score

0.001EPSS

2023-03-06 10:15 PM
62
cve
cve

CVE-2023-29443

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.

4.9CVSS

5AI Score

0.001EPSS

2023-04-26 09:15 PM
39
cve
cve

CVE-2023-34197

Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.

5.4CVSS

5.6AI Score

0.003EPSS

2023-07-07 01:15 PM
35
cve
cve

CVE-2023-35785

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Repor...

8.1CVSS

8AI Score

0.021EPSS

2023-08-28 08:15 PM
72
cve
cve

CVE-2023-38331

Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.

5.4CVSS

5.2AI Score

0.008EPSS

2023-07-28 02:15 AM
28
cve
cve

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwo...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-15 09:15 PM
28