cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Manageengine (b7eba64e-d5d7-5395-be8c-84fe138ee37e)
Product: Servicedesk Plus (50ba9cbe-4744-57a0-a7a9-e726deb9a542)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/devynspencer/powershell-sdp | purl2cpe | 2026-06-01 10:13:05.016941

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-8309 vulnerable 2026-06-03 15:13:43.352491 User privilege escalation vulnerability
HIGH (8.1)
There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940.
Published: 2025-08-20T16:53:29.010Z
Updated: 2026-02-26T17:48:22.736Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-50053 vulnerable 2026-06-03 14:57:23.568364 Stored XSS
MEDIUM (6.3)
Zohocorp ManageEngine ServiceDesk Plus versions below 14920, ServiceDesk Plus MSP and SupportCenter Plus versions below 14910 are vulnerable to Stored XSS in the task feature.
Published: 2025-03-21T06:01:39.945Z
Updated: 2025-05-05T13:24:19.125Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-41150 vulnerable 2026-06-03 14:56:34.105168 Stored XSS
MEDIUM (6.3)
A Stored Cross-site Scripting vulnerability in the request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
Published: 2024-08-23T14:08:17.169Z
Updated: 2024-08-23T14:38:15.256Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-1480 vulnerable 2026-06-03 14:34:39.553239 Details available
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.
Published: 2015-02-04T16:00:00.000Z
Updated: 2024-08-06T04:47:16.023Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2757 vulnerable 2026-06-03 14:31:10.728158 Details available
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
Published: 2011-07-17T20:00:00.000Z
Updated: 2024-09-16T22:50:37.256Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1510 vulnerable 2026-06-03 14:31:02.054466 Details available
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
Published: 2011-09-20T10:00:00.000Z
Updated: 2024-08-06T22:28:41.807Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1509 vulnerable 2026-06-03 14:31:02.053482 Details available
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Published: 2011-09-20T10:00:00.000Z
Updated: 2024-08-06T22:28:41.803Z
Imported from gcve-enriched-dumps CVE data