GCVE - cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*

part: a version: 8.0 update: *

Vendor	Manageengine (`b7eba64e-d5d7-5395-be8c-84fe138ee37e`)
Product	Servicedesk Plus (`50ba9cbe-4744-57a0-a7a9-e726deb9a542`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/devynspencer/powershell-sdp`	purl2cpe	2026-06-01 10:13:05.021655

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2757`	vulnerable	2026-06-03 14:31:10.730027	Details available Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue. Published: 2011-07-17T20:00:00.000Z Updated: 2024-09-16T22:50:37.256Z Open on db.gcve.eu Reference links http://www.exploit-db.com/exploits/17503/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2756`	vulnerable	2026-06-03 14:31:10.727884	Details available FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors. Published: 2011-07-17T20:00:00.000Z Updated: 2024-09-16T19:51:57.703Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/543310	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2755`	vulnerable	2026-06-03 14:31:10.727612	Details available Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors. Published: 2011-07-17T20:00:00.000Z Updated: 2024-09-16T23:36:27.720Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/543310	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1509`	vulnerable	2026-06-03 14:31:02.054057	Details available The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. Published: 2011-09-20T10:00:00.000Z Updated: 2024-08-06T22:28:41.803Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/69841 http://www.securityfocus.com/bid/49636 http://securityreason.com/securityalert/8385 http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp http://www.securityfocus.com/archive/1/519652/100/0/threaded	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.