Zoho Corp ManageEngine ServiceDesk Plus MSP 10.6 10602
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*
part: a version: 10.6 update: 10602
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Servicedesk Plus Msp (e2c7e134-94e2-52f3-b9ab-d3a2225cb0a0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-22964 |
vulnerable | 2026-06-03 14:49:20.780389 |
Details available
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
Published: 2023-01-20T00:00:00.000Z
Updated: 2025-04-03T15:07:12.782Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-40773 |
vulnerable | 2026-06-03 14:48:03.584701 |
Details available
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
Published: 2022-11-12T00:00:00.000Z
Updated: 2025-05-01T13:30:33.850Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-40772 |
vulnerable | 2026-06-03 14:48:03.582779 |
Details available
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
Published: 2022-11-23T00:00:00.000Z
Updated: 2025-04-28T19:34:22.092Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-40770 |
vulnerable | 2026-06-03 14:48:03.541328 |
Details available
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Published: 2022-11-23T00:00:00.000Z
Updated: 2025-04-28T19:38:56.406Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-35403 |
vulnerable | 2026-06-03 14:47:37.958771 |
Details available
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
Published: 2022-07-12T21:56:46.000Z
Updated: 2024-08-03T09:36:43.375Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-32551 |
vulnerable | 2026-06-03 14:47:22.703211 |
Details available
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
Published: 2022-07-01T23:51:50.000Z
Updated: 2024-08-03T07:46:43.628Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.