GCVE - cpe:2.3:a:zohocorp:manageengine_servicedesk

Approved changes feed: RSS · Atom

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9317:*:*:*:*:*:*

part: a version: 9.3 update: 9317

Vendor	Zohocorp (`4f1ab088-ab0e-54ac-b0dc-2304879a7502`)
Product	Manageengine Servicedesk Plus (`25373568-3a9b-52b0-9856-05e6cf15479d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-44526`	vulnerable	2026-06-03 14:45:36.440252	Details available Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. Published: 2021-12-23T14:57:02.000Z Updated: 2024-08-04T04:25:16.449Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20080`	vulnerable	2026-06-03 14:43:40.999402	Details available Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. Published: 2021-04-09T17:21:07.000Z Updated: 2024-08-03T17:30:07.498Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-11	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-14048`	vulnerable	2026-06-03 14:41:37.820480	Details available Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. Published: 2020-06-12T01:41:42.000Z Updated: 2024-08-04T12:32:14.676Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/service-desk/on-premises/readme.html https://gitlab.com/eLeN3Re/CVE-2020-14048	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-7248`	vulnerable	2026-06-03 14:39:06.732326	Details available An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not. Published: 2018-05-11T14:00:00.000Z Updated: 2024-08-05T06:24:11.842Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/104287 https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0 https://gitlab.com/e-sterling/cve-2018-7248	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Zoho Corp ManageEngine ServiceDesk Plus 9.3 9317

PURL mappings

Vulnerability references

Contribute