Servicedesk Plus Msp
Approved changes feed: RSS · Atom
cpe:2.3:a:manageengine:servicedesk_plus_msp:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Manageengine (b7eba64e-d5d7-5395-be8c-84fe138ee37e) |
|---|---|
| Product | Servicedesk Plus Msp (fc415906-07b4-52a4-8f2d-93804c643fd8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-8309 |
vulnerable | 2026-06-03 15:13:43.354169 |
User privilege escalation vulnerability
HIGH (8.1)
There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp.
This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940.
Published: 2025-08-20T16:53:29.010Z
Updated: 2026-02-26T17:48:22.736Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3444 |
vulnerable | 2026-06-03 15:01:04.419781 |
Local File Inclusion
MEDIUM (6.5)
Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.
Published: 2025-05-22T10:31:48.562Z
Updated: 2025-05-22T18:28:27.922Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50053 |
vulnerable | 2026-06-03 14:57:23.569055 |
Stored XSS
MEDIUM (6.3)
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.
Published: 2025-03-21T06:01:39.945Z
Updated: 2025-05-05T13:24:19.125Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-41150 |
vulnerable | 2026-06-03 14:56:34.107362 |
Stored XSS
MEDIUM (6.3)
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
Published: 2024-08-23T14:08:17.169Z
Updated: 2024-08-23T14:38:15.256Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.