Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Servicedesk Plus Security Vulnerabilities

cve
cve

CVE-2015-1479

SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.

8.1AI Score

0.001EPSS

2015-02-04 04:59 PM
37
cve
cve

CVE-2016-4888

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS

5.3AI Score

0.001EPSS

2017-04-14 06:59 PM
26
cve
cve

CVE-2016-4889

ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.

8.8CVSS

8.6AI Score

0.004EPSS

2017-04-14 06:59 PM
25
cve
cve

CVE-2016-4890

ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.

5.3CVSS

5.1AI Score

0.002EPSS

2017-04-14 06:59 PM
31
cve
cve

CVE-2019-10008

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login ...

8.8CVSS

8.8AI Score

0.006EPSS

2019-04-24 07:29 PM
57