Zoho Corp ManageEngine ServiceDesk Plus 10.0.0 10012
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10012:*:*:*:*:*:*
part: a version: 10.0.0 update: 10012
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Servicedesk Plus (25373568-3a9b-52b0-9856-05e6cf15479d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-44526 |
vulnerable | 2026-06-03 14:45:36.471125 |
Details available
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
Published: 2021-12-23T14:57:02.000Z
Updated: 2024-08-04T04:25:16.449Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20080 |
vulnerable | 2026-06-03 14:43:41.030296 |
Details available
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
Published: 2021-04-09T17:21:07.000Z
Updated: 2024-08-03T17:30:07.498Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-14048 |
vulnerable | 2026-06-03 14:41:37.851971 |
Details available
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
Published: 2020-06-12T01:41:42.000Z
Updated: 2024-08-04T12:32:14.676Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-15083 |
vulnerable | 2026-06-03 14:39:47.055748 |
Details available
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.
Published: 2020-05-14T13:45:08.000Z
Updated: 2024-08-05T00:34:53.239Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.