GCVE - cpe:2.3:a:manageengine:supportcenter_plus:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:manageengine:supportcenter_plus:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Manageengine (`b7eba64e-d5d7-5395-be8c-84fe138ee37e`)
Product	Supportcenter Plus (`1ab9e0c6-a18e-5b51-9e9d-e24dc8471d1a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-8309`	vulnerable	2026-06-03 15:13:43.355642	User privilege escalation vulnerability HIGH (8.1) There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940. Published: 2025-08-20T16:53:29.010Z Updated: 2026-02-26T17:48:22.736Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/service-desk/cve-2025-8309.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-3444`	vulnerable	2026-06-03 15:01:04.420772	Local File Inclusion MEDIUM (6.5) Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded. Published: 2025-05-22T10:31:48.562Z Updated: 2025-05-22T18:28:27.922Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/service-desk-msp/cve-2025-3444.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-41150`	vulnerable	2026-06-03 14:56:34.107986	Stored XSS MEDIUM (6.3) An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. Published: 2024-08-23T14:08:17.169Z Updated: 2024-08-23T14:38:15.256Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/service-desk/CVE-2024-41150.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-27314`	vulnerable	2026-06-03 14:55:17.370052	Stored XSS Vulnerability LOW (2.4) Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users. Published: 2024-05-27T07:03:13.441Z Updated: 2024-08-02T00:27:59.873Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/service-desk/cve-2024-27314.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.