GCVE - cpe:2.3:a:manageengine:servicedesk_plus:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:manageengine:servicedesk_plus:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor	Manageengine (`b7eba64e-d5d7-5395-be8c-84fe138ee37e`)
Product	Servicedesk Plus (`50ba9cbe-4744-57a0-a7a9-e726deb9a542`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/devynspencer/powershell-sdp`	purl2cpe	2026-06-01 10:13:05.017896

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-27314`	vulnerable	2026-06-03 14:55:17.368056	Stored XSS Vulnerability LOW (2.4) Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users. Published: 2024-05-27T07:03:13.441Z Updated: 2024-08-02T00:27:59.873Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/service-desk/cve-2024-27314.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-5302`	vulnerable	2026-06-03 14:34:06.014725	Details available Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code. Published: 2017-08-28T15:00:00.000Z Updated: 2024-08-06T11:41:47.927Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/99611 http://secunia.com/advisories/62105 http://seclists.org/fulldisclosure/2015/Jan/5 http://seclists.org/fulldisclosure/2015/Jan/12 http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-5301`	vulnerable	2026-06-03 14:34:06.011050	Details available Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. Published: 2017-08-28T15:00:00.000Z Updated: 2024-08-06T11:41:47.958Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/35845/ http://secunia.com/advisories/62105 http://seclists.org/fulldisclosure/2015/Jan/5 https://exchange.xforce.ibmcloud.com/vulnerabilities/99610 http://packetstormsecurity.com/files/130020/ManageEngine-Multiple-Products-Authenticated-File-Upload.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.