Manageengine Servicedesk Plus — known CVE vulnerabilities
Every CVE whose affected-product data names Manageengine Servicedesk Plus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2014-5302 — CVSS 8.8 (high): Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to…
CVE-2014-5301 — CVSS 8.8 (high): Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to…
CVE-2008-1299 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote…
CVE-2011-2756 — CVSS 5.0 (medium): FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to…
CVE-2011-2757 — CVSS 5.0 (medium): Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read…
CVE-2011-1509 — CVSS 5.0 (medium): The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of…
CVE-2011-2755 — CVSS 5.0 (medium): Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to…
CVE-2012-2585 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web…
CVE-2011-1510 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to…
CVE-2015-1480 — CVSS 4.0 (medium): ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via…