Vulnerabilities
Vulnerable Software
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
CVSS Score
6.1
EPSS Score
0.064
Published
2019-05-21
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.
CVSS Score
6.5
EPSS Score
0.087
Published
2019-05-21
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw in the way authentication is handled, an attacker is able to log in and verify any active account.
CVSS Score
4.3
EPSS Score
0.126
Published
2019-04-04
ManageEngine ServiceDesk Plus before 9312 contains an XML injection in the add Configuration items CMDB API.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-03-25
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
CVSS Score
6.5
EPSS Score
0.006
Published
2019-03-25
CVE-2019-8394
Known exploited
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
CVSS Score
6.5
EPSS Score
0.892
Published
2019-02-17
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
CVSS Score
9.8
EPSS Score
0.209
Published
2019-02-17
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the account exists, or 'null' if it does not.
CVSS Score
5.3
EPSS Score
0.047
Published
2018-05-11
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
CVSS Score
6.1
EPSS Score
0.016
Published
2018-03-30

